In light of the debacle at the South Carolina Department of Revenue where confidential information for millions of taxpayers, including social security numbers, was stolen, credit monitoring has been a hot topic of discussion.  The state has paid for one year of credit monitoring through Experian for everyone affected.  But what happens when that year runs out.  There has been talk of the state possibly paying for a second year of credit monitoring for everyone but it is expected that everyone will pretty much be on their own when the year (or two) expires.

It turns out that there are free resources available for people who are unable (or refuse) to pay for credit monitoring.  This New York Times article provides details on free online services that may be a cost free alternative to paying for credit monitoring.

We have not reviewed or used these services nor do we recommend this or any other credit monitoring service.  We are simply providing information about available resources which you may find helpful.  As with any, online service, please make sure you check it out carefully and know the details before you sign up.

Please be sure to give Tax On Wheels, LLC a call at 803 732-4288 if you have questions about this or any other tax issue.

South Carolina taxpayers who are affected by the Department of Revenue cyber hacking incident will have an additional two months to sign up for free credit monitoring at www.protectmyid.com/scdor.

WIS Television in Columbia SC is reporting that the deadline for signing up has been extended until March 31, 2013.

–     Call 1-866-578-5422 to enroll in a consumer protection service. (The call center is open 9:00 AM – 9:00 PM EST on Monday through Friday and 11:00 AM – 8:00 PM EST on Saturday and Sunday.)

–      For any South Carolina taxpayer who wishes to bypass the telephone option, there currently is an online service available at http://www.protectmyid.com/scdor. Enter the code SCDOR123 when prompted.

The South Carolina Department of Consumer Affairs in conjunction with the South Carolina State Library is offering a free webinar to provide information on avoiding and detecting identity theft.  The webinar will be conducted on Tuesday, December 18, 2012 10:30 AM – 11:30 AM EST.

The webinar is free and open to the public.  Click here to register to attend.

According to an article published in the State Newspaper, South Carolina tax filers who were subject to the social security number theft at the Department of Revenue will have a day to be able to sign up for the ProtectMyID identity theft protection without a computer.  Read the article for details.

Computer technology has become so ubiquitous that decision makers sometimes fail to realize that there is still a world full of people who live their lives (just fine thank you very much) without computers, smartphones, social networking or the internet.

Thankfully, the ProtectMyID service is supposed to be available to the Luddites on Saturday morning December 8, 2012.

It took a couple of weeks for the public to be notified of the theft of South Carolina tax information and a couple more weeks for useful information to begin to trickle out.  With that as the foundation of this issue it is apparent that speed is not going to save the day.  So there really is no need to get into a panic and rush through anything.  For those of us who have had our tax information stolen this will be a race of endurance, perhaps a lifelong struggle to secure our identity.

The SCDOR cyber theft heralds the end of a world where there is even a semblance of privacy.  If it ever did exist, privacy is certainly a thing of the past.  South Carolina is simply the biggest fish to get caught so far.   Even before the SCDOR hacking was announced to the public, a major insurance company contacted authorities regarding the theft of several thousand social security numbers in a similar cyber theft incident.  Folks, we are simply not in Kansas anymore.

Before we provide our list of recommended actions to protect yourself from these crimes, I would like to ask you a few questions.

• Why is it that we have to take specific affirmative action to stop the credit bureaus from giving our private information to whoever is willing to pay them for it?
• Why doesn’t the system require us to take some action to authorize the use of our information?
• And if it is our information and it belongs to us why do they get paid for it?

While you are chewing on that let’s explore the grassy knoll a bit more and list a few things that I think you can do to protect yourself not only from the criminals working outside the system but also from the fine upstanding corporations who trade our identities like so many marbles after school at the neighborhood playground.

1. Yes, by all means, sign up for the ProtectMyID/scdor free year of credit protection, as woefully insufficient as it may be and as complicit as the credit bureaus may be in causing you to need this protection.  Hen house meet fox!
2. Credit protection will not protect your bank account.  Therefore you will need to determine how best to protect any account that was used to receive a state of South Carolina tax refund or pay a South Carolina balance due on any efiled tax return since 1998.  I struggled with the wording of this recommendation but I think the best thing I can say is “contact your financial institution and let them help you determine whether or not you need to close your bank account.”  There is an interesting article here that discusses the bank account issue.  One point raised in the article is that your bank account information is on every check you write so that information is already out there.  To which I would reply A. Who writes checks anymore and B. If we do write a check it is usually not written to Russian cyber criminals (unless you count birthday checks to the grand kids).
3. Monitor your bank accounts daily or at least weekly.  If you are afraid of online banking it is time to educate yourself and overcome that fear.  It simply is not sufficient to wait until the monthly statement comes in the mail 30 to 40 days later.  By then the damage is done.  Sure the bank may replace all of your stolen money a few days or weeks later  but you are still the one that will have to go all over town explaining why your checks bounced if your money is stolen.
4. Review every item on every credit card on every statement every month. And don’t let them talk you into getting online statements instead of paper statements unless you are a college student and your address changes every 9 months.  Online statements can easily get caught up in the rush of all the other junk email that comes into your in box. If you plan to be at your address for the next 20 years request the paper statements.  Besides, the post office needs the work.
5. Purchase a high quality cross cut shredder and shred those bank and credit card statements after you have reviewed them for accuracy.  Do not let your information leave your house by way of the garbage.
6. Promptly open and read every piece of mail that comes to your mailbox even if it looks like junk mail.  Some of that mail may hold clues that something strange is happening with your credit information and allow you to nip it in the bud.
7. Go online and Google yourself (ask your grand kids if you don’t know what that means).  You might be surprised at all of the information about you that is already floating around out there for anybody willing to look for it.  And its all legal.  Available data include your birth date, the price you paid for your house, a picture of your house (both aerial and street view) with a map to your house, a list of your relatives, your arrest records, your occupation, your education and who knows what else.  And this is for anybody with an internet connection.  Just imagine what can be found by people with special tools, training and a bit of larceny in their hearts.  The point is that there is no such thing as privacy.  Govern yourself accordingly.

This list is still evolving and may grow as we find new information so check back often.

If you need assistance with the issues raised in this post please feel free to contact Tax On Wheels, LLC at 803 732-4288.

 

The released version of the Mandiant report can be found here.  Not much volume in the report.  It appears to be more of an executive summary.  The entire document is only 4 pages long (and one of those pages is the cover page).

But it doesn’t really matter much since the report mostly focuses on who did what, how they did it and when they did it.  I am sure the law enforcement types will be very interested in this type of information.  But for those of us concerned about protecting ourselves from the perils of this incident there simply isn’t any useful information here.

The press conference (see below) provided more interesting revelations.

The state confirmed that bank account numbers were in fact stolen. 

Apparently everyone affected by this data theft will be contacted by the state.  The state has indicated that they have a much better idea of exactly who is affected.  It appears that only taxpayers who filed electronically were exposed.  Paper return filers appear to be unaffected.  I hope the state will implement some sort of public relations campaign to reassure taxpayers that electronic filing and direct deposit will be a safe and secure process going forward.  You can see how the public might arrive at the conclusion that it is safer to mail a paper return and receive a paper refund check.  Tax On Wheels, LLC has always encouraged clients to e-file and use direct deposit and direct draft to receive refunds and settle balances due.  It would be a shame to see 20 years of progress lost to this incident.

The only other big announcement is that the director of the SC Department of Revenue will commit hara-kiri effective the end of the year by resigning.

Stay tuned for our client recommendations related to this incident, we are still researching the details but we hope to post the recommendations in the next day or two (maybe three with the holidays).

Other than that just see the press conference for yourself and form your own opinions.

This looks as bad as we suspected it would be.  We have not read the report but several news outlets are reporting key details.

The Post and Courier in Charleston has the best summary right now

1.  Yes, the thieves stole bank account information in addition to social security numbers.

2.  The State knows exactly who had their information stolen and who is not exposed.  Apparently anybody who filed paper tax returns and did not filed electronically for any of the affected years  is “safe”.

3.  The Director of the Department of Revenue will resign by the end of the year.

Tax On Wheels, LLC will probably have specific recommendations for our clients after we read the report.  We will post our recommendations here for anyone who is interested.

 

 

As we try to find out what has happened, and who it has happened to, in the SC Department of Revenue cyber hacking cases the details have been painfully slow in coming to light.

State officials have drifted into basic radio silence with no new press conferences since the initial flurry near the beginning of November.  And while everyone seems to have calmed down since the initial panic, the whole cyber hacking  affair seems to have fallen into something of a stasis.  Not much new has occurred since the announcement of ProtectMyID from Experian, which given the magnitude of the potential problem, seems to be woefully inadequate at just one year of coverage.

Even though we still don’t know much about what happened, the State Newspaper has a good  article summarizing what we know and don’t know about the cyber hacking as well as a list of questions we still need answered.  The article can be found by clicking here to go their website.

The New York Times finally has an “article” on the South Carolina Department of Revenue cyber hacking scandal.  And I use the word article loosely, as this piece seems to be mostly a rehash of the two week old story but it is at least a start.  (Links to older stories here)

If you detect a bit of frustration in my writing it is because I think this story deserves more coverage than it has received.  I don’t believe we are going to ever find out what really happened until someone applies some significant resources in this effort.  Granted there was an election and a major storm to cover but the majors have been almost completely silent on this story until now.  It always seems they  are quick to work any story that plays into the stereotype of southerners as backwards, Dukes of Hazards, Deliverance types.  But this story affects everyone.  If they can breach the tax records in South Carolina, they can breach the tax records anywhere.  Its time we started getting some answers.

Come on national media , get off your humps and get to work on this story.

The state of South Carolina recently announced that businesses that have filed tax returns since 1998 are also at risk due to the recent security breach at the Department of Revenue.

Consequently, starting Friday Nov. 2nd, Dun & Bradstreet Credibility Corp. will offer
South Carolina businesses who have filed a tax return since 1998 a
complimentary CreditAlert™product which will alert businesses to
changes to their D&B® scores and ratings.

Click here to go to the SCDOR website for businesses subject to the security breach

Click here to go to the Dun & Bradstreet website to register your business.

Please understand that these are the instructions on the South Carolina Department of Revenue website and we are posting this information solely as a courtesy to our friends and clients.  Tax On Wheels, LLC does not recommend or endorse any credit reporting service.  We continue to urge everyone to take a step back and make sure you understand the ramifications of using this or any credit reporting service.  Then and only then should you determine if using a credit reporting service is the proper course of action for your business or personal information.