According to an article published in the State Newspaper, South Carolina tax filers who were subject to the social security number theft at the Department of Revenue will have a day to be able to sign up for the ProtectMyID identity theft protection without a computer.  Read the article for details.

Computer technology has become so ubiquitous that decision makers sometimes fail to realize that there is still a world full of people who live their lives (just fine thank you very much) without computers, smartphones, social networking or the internet.

Thankfully, the ProtectMyID service is supposed to be available to the Luddites on Saturday morning December 8, 2012.

It took a couple of weeks for the public to be notified of the theft of South Carolina tax information and a couple more weeks for useful information to begin to trickle out.  With that as the foundation of this issue it is apparent that speed is not going to save the day.  So there really is no need to get into a panic and rush through anything.  For those of us who have had our tax information stolen this will be a race of endurance, perhaps a lifelong struggle to secure our identity.

The SCDOR cyber theft heralds the end of a world where there is even a semblance of privacy.  If it ever did exist, privacy is certainly a thing of the past.  South Carolina is simply the biggest fish to get caught so far.   Even before the SCDOR hacking was announced to the public, a major insurance company contacted authorities regarding the theft of several thousand social security numbers in a similar cyber theft incident.  Folks, we are simply not in Kansas anymore.

Before we provide our list of recommended actions to protect yourself from these crimes, I would like to ask you a few questions.

  • Why is it that we have to take specific affirmative action to stop the credit bureaus from giving our private information to whoever is willing to pay them for it?
  • Why doesn’t the system require us to take some action to authorize the use of our information?
  • And if it is our information and it belongs to us why do they get paid for it?

While you are chewing on that let’s explore the grassy knoll a bit more and list a few things that I think you can do to protect yourself not only from the criminals working outside the system but also from the fine upstanding corporations who trade our identities like so many marbles after school at the neighborhood playground.

  1. Yes, by all means, sign up for the ProtectMyID/scdor free year of credit protection, as woefully insufficient as it may be and as complicit as the credit bureaus may be in causing you to need this protection.  Hen house meet fox!
  2. Credit protection will not protect your bank account.  Therefore you will need to determine how best to protect any account that was used to receive a state of South Carolina tax refund or pay a South Carolina balance due on any efiled tax return since 1998.  I struggled with the wording of this recommendation but I think the best thing I can say is “contact your financial institution and let them help you determine whether or not you need to close your bank account.”  There is an interesting article here that discusses the bank account issue.  One point raised in the article is that your bank account information is on every check you write so that information is already out there.  To which I would reply A. Who writes checks anymore and B. If we do write a check it is usually not written to Russian cyber criminals (unless you count birthday checks to the grand kids).
  3. Monitor your bank accounts daily or at least weekly.  If you are afraid of online banking it is time to educate yourself and overcome that fear.  It simply is not sufficient to wait until the monthly statement comes in the mail 30 to 40 days later.  By then the damage is done.  Sure the bank may replace all of your stolen money a few days or weeks later  but you are still the one that will have to go all over town explaining why your checks bounced if your money is stolen.
  4. Review every item on every credit card on every statement every month. And don’t let them talk you into getting online statements instead of paper statements unless you are a college student and your address changes every 9 months.  Online statements can easily get caught up in the rush of all the other junk email that comes into your in box. If you plan to be at your address for the next 20 years request the paper statements.  Besides, the post office needs the work.
  5. Purchase a high quality cross cut shredder and shred those bank and credit card statements after you have reviewed them for accuracy.  Do not let your information leave your house by way of the garbage.
  6. Promptly open and read every piece of mail that comes to your mailbox even if it looks like junk mail.  Some of that mail may hold clues that something strange is happening with your credit information and allow you to nip it in the bud.
  7. Go online and Google yourself (ask your grand kids if you don’t know what that means).  You might be surprised at all of the information about you that is already floating around out there for anybody willing to look for it.  And its all legal.  Available data include your birth date, the price you paid for your house, a picture of your house (both aerial and street view) with a map to your house, a list of your relatives, your arrest records, your occupation, your education and who knows what else.  And this is for anybody with an internet connection.  Just imagine what can be found by people with special tools, training and a bit of larceny in their hearts.  The point is that there is no such thing as privacy.  Govern yourself accordingly.

This list is still evolving and may grow as we find new information so check back often.

If you need assistance with the issues raised in this post please feel free to contact Tax On Wheels, LLC at 803 732-4288.

 

The released version of the Mandiant report can be found here.  Not much volume in the report.  It appears to be more of an executive summary.  The entire document is only 4 pages long (and one of those pages is the cover page).

But it doesn’t really matter much since the report mostly focuses on who did what, how they did it and when they did it.  I am sure the law enforcement types will be very interested in this type of information.  But for those of us concerned about protecting ourselves from the perils of this incident there simply isn’t any useful information here.

The press conference (see below) provided more interesting revelations.

The state confirmed that bank account numbers were in fact stolen. 

Apparently everyone affected by this data theft will be contacted by the state.  The state has indicated that they have a much better idea of exactly who is affected.  It appears that only taxpayers who filed electronically were exposed.  Paper return filers appear to be unaffected.  I hope the state will implement some sort of public relations campaign to reassure taxpayers that electronic filing and direct deposit will be a safe and secure process going forward.  You can see how the public might arrive at the conclusion that it is safer to mail a paper return and receive a paper refund check.  Tax On Wheels, LLC has always encouraged clients to e-file and use direct deposit and direct draft to receive refunds and settle balances due.  It would be a shame to see 20 years of progress lost to this incident.

The only other big announcement is that the director of the SC Department of Revenue will commit hara-kiri effective the end of the year by resigning.

Stay tuned for our client recommendations related to this incident, we are still researching the details but we hope to post the recommendations in the next day or two (maybe three with the holidays).

Other than that just see the press conference for yourself and form your own opinions.

This looks as bad as we suspected it would be.  We have not read the report but several news outlets are reporting key details.

The Post and Courier in Charleston has the best summary right now

1.  Yes, the thieves stole bank account information in addition to social security numbers.

2.  The State knows exactly who had their information stolen and who is not exposed.  Apparently anybody who filed paper tax returns and did not filed electronically for any of the affected years  is “safe”.

3.  The Director of the Department of Revenue will resign by the end of the year.

Tax On Wheels, LLC will probably have specific recommendations for our clients after we read the report.  We will post our recommendations here for anyone who is interested.

 

 

As we try to find out what has happened, and who it has happened to, in the SC Department of Revenue cyber hacking cases the details have been painfully slow in coming to light.

State officials have drifted into basic radio silence with no new press conferences since the initial flurry near the beginning of November.  And while everyone seems to have calmed down since the initial panic, the whole cyber hacking  affair seems to have fallen into something of a stasis.  Not much new has occurred since the announcement of ProtectMyID from Experian, which given the magnitude of the potential problem, seems to be woefully inadequate at just one year of coverage.

Even though we still don’t know much about what happened, the State Newspaper has a good  article summarizing what we know and don’t know about the cyber hacking as well as a list of questions we still need answered.  The article can be found by clicking here to go their website.

The New York Times finally has an “article” on the South Carolina Department of Revenue cyber hacking scandal.  And I use the word article loosely, as this piece seems to be mostly a rehash of the two week old story but it is at least a start.  (Links to older stories here)

If you detect a bit of frustration in my writing it is because I think this story deserves more coverage than it has received.  I don’t believe we are going to ever find out what really happened until someone applies some significant resources in this effort.  Granted there was an election and a major storm to cover but the majors have been almost completely silent on this story until now.  It always seems they  are quick to work any story that plays into the stereotype of southerners as backwards, Dukes of Hazards, Deliverance types.  But this story affects everyone.  If they can breach the tax records in South Carolina, they can breach the tax records anywhere.  Its time we started getting some answers.

Come on national media , get off your humps and get to work on this story.

The state of South Carolina recently announced that businesses that have filed tax returns since 1998 are also at risk due to the recent security breach at the Department of Revenue.

Consequently, starting Friday Nov. 2nd, Dun & Bradstreet Credibility Corp. will offer
South Carolina businesses who have filed a tax return since 1998 a
complimentary CreditAlert™product which will alert businesses to
changes to their D&B® scores and ratings.

Click here to go to the SCDOR website for businesses subject to the security breach

Click here to go to the Dun & Bradstreet website to register your business.

Please understand that these are the instructions on the South Carolina Department of Revenue website and we are posting this information solely as a courtesy to our friends and clients.  Tax On Wheels, LLC does not recommend or endorse any credit reporting service.  We continue to urge everyone to take a step back and make sure you understand the ramifications of using this or any credit reporting service.  Then and only then should you determine if using a credit reporting service is the proper course of action for your business or personal information.

The state newspaper in Columbia has the story about business now being exposed to the data breach at the South Carolina Department of Revenue.  Click here to go to the story on the The State Newspaper website.

ProtectMyID is a free service that is paid for by the State of South Carolina.  Do not give anyone your credit card number for anything related to the data breach at the Department of Revenue.

We have helped many people here over the past few days, mostly with directions on how to get to the right place.  We notice that there seem to be quite a few elderly people having difficulty trying to navigate this process.  It sounds like this is the first time many of them have turned on the computer since the grand kids came to visit this summer.  This could be a recipe for disaster.  What we may find is that the cure may be worse than the disease.  In the rush to do something in panic we may create more identity theft incidents than the original data breach.

Case in point, one elderly couple who called us seemed quite adept at following our instructions to get them to the correct web site.  We directed them to our website so that they could click thru to the proper www.protectmyid.com/scdor website.  But no matter how many times they did it correctly, the ended up on a website that wanted them to pay $15 using their credit card.  My guess is that they have some sort of virus on their computer that hijacks their web traffic to pirate sites.

This could get ugly.

We are updating What we think we know about protectmyid/scdor 2 here with the little we have been able to find out so far.  But I want this topic to be at the top of the blog list for anyone who needs to get up to speed quickly.