Just how safe is your personal information when you send in your tax forms to the Internal Revenue Service (IRS)? A little over 5 years ago it was revealed that the IRS was missing more than 2300 computers. Eventually 1600 of the 2300 missing computers were located.
A recent internal audit of the IRS fount that “at least” 490 computers, which included 13 desktop computers, were lost or stolen in 387 separate incidents between January 2003 and June 2006. Of the approximately 100,000 employees, 47,000 have been issued laptop computers.
A copy of the report titled “The IRS is not adequately protecting taxpayer data on laptop computers and other portable electronic media devices” can be found on the Treasury Inspector General for Tax Administration web site.
Every year the IRS processes more than 220 million tax returns containing personal financial information and personally identifiable information such as Social Security Numbers.
The report goes on to state “We found hundreds of IRS laptop computers and other computer devices had been lost or stolen, employees were not properly encrypting data on the computer devices, and password controls over laptop computers were not adequate. As a result, it is likely that sensitive data for a significant number of taxpayers have been unnecessarily exposed to potential identity theft and/or other fraudulent schemes.”
Of the 490 computers lost or stolen, 111 losses occured within IRS facilities. The auditors also conducted security tests on 100 laptop computers and found that 44 of them contained unencrypted sensitive data, including taxpayer data and employee personnel data. The auditors also found that other devices such as flash drives, CDs and DVDs contained sensitive data that wasn’t always encrypted although they had reported similar findings to the IRS in July 2003.
Four offsite facilities where backup data is stored were also evaluated for security. Again, data was not encrypted or adequately protected. The weaknesses were attributed to a “lack of emphasis by management.”
The audit also found that employees did not properly report 76 percent of all incidents of lost or stolen computers and/or sensitive data to the IRS Computer Security Incident Response Center (CSIRC) or to the Treasury Inspector General for Tax Administration (TIGTA) Office of Investigations, the law enforcement organization for internal IRS affairs.
The IRS isn’t the only Federal Agency that loses computers. Earlier this year the FBI reported that 160 laptops (and 160 weapons) had been lost or stolen over a 44 month period.
In September 2006, the Department of Commerce reported 1,138 lost, stolen, or missing laptop computers since 2001. Of these laptop computers, 249 contained sensitive information that identified individuals.
In May 2006, the Department of Veterans Affairs reported a stolen external hard drive containing personal information on approximately 26 million veterans and United States military personnel.
In April 2006, the same company the IRS uses to store backup data for some area offices lost a container of backup tapes that included personal information to as many as 17,000 current and former employees of the Long Island Railroad.
In April 2006 it was also reported that flash drives previously owned by the Department of Defense were stolen from a military base and sold in an open market if a foreign country. The flash drives purportedly contained potentially sensitive military intelligence data, including names, pictures and phone numbers of spies or other informants working with the United States military. The news media reported that the documents appeared to be authentic, but the accuracy of the information couldn’t be verified.
Elsewhere, the Boston Herald is reporting that an array of personal information that can be used by identity thieves is freely available on the web site of the Massachusetts Secretary of State William Galvin. Social Security Numbers, bank account numbers, home addresses and phone numbers can be viewed with a few clicks and Galvin doesn’t plan to remove it.
Galvin’s office maintains tens of thousands of records of commercial borrowing by Massachusetts residents put online to make it easier for lenders to access it. There is no security in place to prevent anyone else from viewing the information.
Ironically, Galvin criticized Governor Deval Patrick for failing to protect information about voters on his campaign site.
Identity theft refers to a crime in which someone fraudulently or deceptively uses another person’s personal data for financial or economic gain. The Department of Commerce estimates that more than 50 million identities were compromised in 2005.
Check your credit report on a regular basis. If you think you’ve become a victim of identity theft or fraud, act immediately to minimize the damage to your personal funds, financial accounts and your reputation.
Under the Identity Theft and Assumption Deterrence Act, the Federal Trade Commission (FTC) is responsible for receiving and processing complaints from people who believe they may be victims of identity theft. Visit the FTC online to report it.
To report fraud:
call (800) 525-6285 or
write to P.O. Box 740250, Atlanta, GA 30374-0250.
To order a copy of your credit report ($8 in most states):
call (800) 685-1111 or
write to P.O. Box 740241, Atlanta, GA 30374-0241
Experian (formerly TRW)
To report fraud:
call (888) 397-3742 or
write to P.O. Box 1017, Allen, TX 75013.
To order a copy of your credit report ($8 in most states):
call (888) 397-3742 or
write to P.O. Box 2104, Allen TX 75013
To report fraud:
call (800) 680-7289 or
write to P.O. Box 6790, Fullerton, CA 92634.
To order a copy of your credit report ($8 in most states):
call (800) 888-4213 or
write to P.O. Box 390, Springfield, PA 19064
Contact all creditors with whom your name or identifying data have been fraudulently used.
Contact the major check verification companies if you have had checks stolen or bank accounts set up by an identity thief.
CheckRite — (800) 766-2748
ChexSystems — (800) 428-9623 (closed checking accounts)
CrossCheck — (800) 552-1900
Equifax — (800) 437-5120
National Processing Co. (NPC) — (800) 526-5380
SCAN — (800) 262-7771
TeleCheck — (800) 710-9898
For more information on preventing and reporting identity theft visit Comparitech.
Back to Bill’s Blog | Bill’s Links and More