The State Newspaper in Columbia has published an article that doesn’t mince words.
A common theme that seems to recur in the questions that we are fielding at Tax On Wheels, LLC is how do I find out if my information is in the group that was compromised?
We have not been able to find any announcement from the state of South Carolina indicating whether there are certain groups of taxpayers who are more at risk than others in regard to the hacking incident at the South Carolina Department of Revenue. As far as we can tell everyone is at risk and needs to follow the instructions provided by the state.
Dependents who were listed on the tax returns filed with the state are at risk as well and need to be considered when deciding how to protect your information. There was discussion at the press conference this morning of a “family plan” which is designed to protect dependent children.
If anyone is asking for your credit card number or is otherwise trying to charge you money you are probably in the wrong place.
There is no urgency here folks. The damage is done. We recommend that you slow down and fully understand what we are doing here. The criminals will be in full bloom on this issue and if you are not careful you could make a bad situation worse by giving your information to the wrong people.
If there are any news media representatives reading this we encourage you to do basic step by step stories to help people understand the issues here. Many people just don’t seem to understand how this works. There are elderly people calling Tax On Wheels, LLC in a panic because not only do they not have an email address, they don’t have a computer or even know how to operate one. So how are they supposed to sign up for the protection offered by the state.
There seems to be a bit of a panic setting in, and we urge everyone to remain calm.
Update November 2, 2012
The South Carolina department of Revenue has issued a PDF document that summarizes the events surrounding the recent security breach and their recommended actions. Click here to view the document.
There is also a new web page that provides information about the incident including information for businesses exposed to the security breach.
We have had two press conferences and we still don’t know the extent of the damage. We know that only expired credit cards were stolen, so no problems there. But no one has publicly indicated whether we should be concerned about the checking and savings accounts that are attached to tax returns for the purpose of direct depositing tax refunds or paying balances due. Clients are asking if they should start closing their bank accounts to prevent problems. Right now we just don’t have an answer to that question.
The press conference has ended and it looks like we still don’t know very much.
News organizations have begun putting up stories.
Here are some that seem relevant
2. The Post and Courier in Charleston
4. WIS Television in Columbia “Credit protection is retroactive”
5. The State Newspaper in Columbia “Data Breach about the worst you can get”
6. Silobreaker a national/international news aggregation website collects some stories
8. WMBF in Myrtle Beach/Florence “How the SCDOR website breach affects your family”
9. WYFF4/NBC news in Greenville “How to Protect Your Children in the SCDOR Security Breach”
10. The New York Times finally gets in on the story
We will continue searching for relevant stories and add to the list as we find them.
The national news media has been eerily silent about the South Carolina data breach. I guess they are all busy reporting on the “FrankenStorm” aka Hurricane Sandy. Both the storm and the story have just about run their course, so hopefully the majors will begin to weigh in on the South Carolina story.
During the press conference on Tuesday morning State government officials indicated that only 5000 credit card numbers were taken and all 5000 were expired. So no active credit cards were taken. No mention of checking or savings accounts which were linked to tax returns for the purpose of direct deposit of tax refunds or balance due payments.
Video information on ProtectmyId
We posted this IRS resource on an earlier post.
IRS representatives have just distributed to tax professionals a link to a similar page here.
And we have some generic identity theft tips in our TaxTips newsletter here.
The press conference just ended, and it sounds like the authorities are not able to tell us much more than we already know. I will try to post some links to news stories from the media as they are posted.
Click here to view “What we think we know 2”
We have gotten many calls about the incident with the South Carolina Department of Revenue security breach and we are happy to help as many of you as we possibly can.
In order to assist as many people as possible we will update this blog as official information becomes available.
It appears that as of now if you want to protect your own social security number and the social security numbers of other family members, such as a spouse or elderly parents, you will need to have a separate email address for each social security number. This appears to be a limitation in the system as of Sunday October 28, 2012.
We just spoke with a client who was able to use the same email address for both spouses by using a separate userid and password for each spouse. So it appears that multiple email addresses are not required.
There is a press conference scheduled for Monday October 29, 2012 at 10:00 am. We recommend that you not take any action until after that press conference and perhaps the situation will be a little less confusing.
Welcome to Tax On Wheels, LLC
Please visit our blog to read the latest information on the South Carolina Department of Revenue security breach
If you are trying to reach the website to sign up for the free year of credit monitoring due to the South Carolina Department of Revenue security breach click here.
The website offered by the state of South Carolina Department of Revenue for tax filers who may be potential victims of identity theft is back up and online as of Sunday night. You may click through to www.protectmyid.com/scdor. The code needed to access the website is widely being reported by the media as “SCDOR123”.
It is also being reported that authorities will hold a press conference Monday morning October 29, 2012. Hopefully, this event will provide more specific information on what is at stake and how tax payers can better protect themselves.
We continue to recommend to our clients that you not take any action related to this incident until the dust settles. This problem will persist for months if not years and we see no advantage to being first in line to take advantage of the limited resources that are being provided at this time.
As always, you should be vigilant about protecting your credit and other financial matters. We have provided some generic tools to use in protecting your finances in our newsletter, TaxTips. You may click here to download a PDF version of the latest TaxTips newsletter.
The problem, as we see it, is that criminals will still have access to our social security numbers long after the one year of free credit monitoring has expired. And the question becomes, what then? Right now that question has not been addressed.
I suspect that this is a large enough breach of security that, at least in South Carolina, we may begin to implement laws which provide consumers with the ability to control their own credit profiles, rather than allowing that information to be at the mercy of profit making ventures which do not exercise sufficient care and diligence to eliminate this type of threat . Perhaps we will discuss this in more detail later.
For right now the watch phrase seems to be hurry up and wait. So let’s see what they have to say Monday.
As always, please feel free to contact Tax On Wheels, LLC at 803 732-4288 if you have questions or concerns.
This post is no longer valid and has been updated here
As of Sunday afternoon, October 28 2012 the ProtectmyId.com/scdor website appears to have been purposely taken down.
This is what you see when you click on the protectmyid.com/scdor link
Many people are understandably concerned about their identify information having been stolen in the South Carolina Department of Revenue cyber attack. This is a serious risk for everyone concerned but it is not cause for panic.
The first thing every victim should do in this situation is take a deep breath. Protecting your identity is going to be a long distance race not a sprint. This situation will play out over the coming months or even years, not days. Based on the information released so far, there is not any action that you can take over the weekend that is going to resolve this issue for you. It is theoretically possible that those of us who have been exposed to this risk will spend the rest of our lives dealing with it. So whether or not you take action this weekend may have limited impact on the ultimate outcome. It is also, theoretically possible, that none of this will have any impact on your credit information at all. At this point we simply don’t have enough information to determine if we are going to be personally affected. I am recommending to my clients that we wait and see what information is released by the authorities on Monday and Tuesday of this week before we decide how to proceed.
If you feel you must take some action immediately here is a link to the specific recommendations issued by the Department of Revenue.
I encourage everyone to bookmark this blog by clicking on the word “Blog” at the top of this page (not blog archives) and saving that page to your favorites or bookmarks. We will keep this page updated as information becomes available.
And, as always, please feel free to contact Tax On Wheels, LLC at 803 732-4288 if we may be of assistance to you.
The S.C. Department of Revenue announced on October 26, 2012 that approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers have been exposed in a cyber attack .
Anyone who has filed a South Carolina tax return since 1998 is urged to take the following steps:
Step 1. Call 1-866-578-5422 where you will enroll in a consumer protection service. The hours of operation are Monday – Friday 9:00 AM – 9:00 PM Eastern, Saturday and Sunday 11:00 AM – 8:00 PM Eastern.
Step 2. Then you will determine if you wish to have an online or US Mail alert mechanism.
Step 3. Next visit www.protectmyid.com/scdor. For the US Mail service, you will receive notifications via the US mail.
Experian’s ProtectMyID™ Alert is designed to detect, protect and resolve potential identity theft, and includes daily monitoring of all three credit bureaus. The alerts and daily monitoring services are provided for one year, and consumers will continue to have access to fraud resolution agents and services beyond the first year.
For complete information read the October 26, 2012 Press Release.