The Internal Revenue Service's announcement Tuesday of a data
breach affecting more than 100,000 households has prompted fresh
complaints from victims of tax identity theft about delayed
refunds, red tape, cumbersome IRS procedures and continued effects
on their finances.
Tax ID theft occurs when criminals steal personal information
and use it to claim a tax refund in a taxpayer's name before he or
she files. Many refunds are put on debit cards that can be hard to
trace, experts say. IRS Commissioner John Koskinen said the agency
assisted 875,000 victims of tax ID theft in the fiscal year ended
Sept. 30. The government lost at least $5.8 billion to refund scams
in 2013, according to the Government Accountability Office.
Rick Yost, a tire salesman from Palm City, Fla., said his
troubles began when he received an unsolicited Green Dot Corp.
prepaid debit card in the mail in March. It turned out, Mr. Yost
learned, that a $9,856 tax refund had been claimed in his name by a
fraudster who obtained Mr. Yost's date of birth and Social Security
number. The criminal opened the account with $20 and withdrew the
tax refund as soon as it posted, he said.
Getting that information wasn't easy, however. Mr. Yost couldn't
talk to a person at Green Dot without supplying part of his Social
Security number—"which I was reluctant to do, given the
circumstances," he said.
When he did reach a representative, he said he was frustrated to
learn that the firm never verified personal information about him
that was required to open an account—and most of it
didn't match his actual information.
A spokeswoman said Green Dot is looking into the case.
He also learned he would have to file separate legal affidavits
with the IRS and other agencies, notify credit bureaus, and file
his 2014 tax return on paper. He is about to do so—and
might have to wait six months for his federal refund of several
thousand dollars.
"We are the ones who are inconvenienced, not the thieves," said
Mr. Yost. He said he asked an IRS staffer working on his case why
no red flag was raised by the change from longtime direct-deposit
information to a debit card. The staffer responded, "We're working
on that!," according to Mr. Yost.
A spokeswoman for the IRS said the agency is continually
adjusting its fraud filters.
Vicki Niesen, a chemical engineer who works with an oil firm in
Houston, believes her ID theft began when her husband's 2014 W-2
information was stolen through Get Transcript, the compromised IRS
application that prompted Tuesday's announcement.
The false return filed in their names, she said, had her
husband's 2014 salary information "to the
dollar"—although the thieves included $28,000 of Social
Security income in the false return. It claimed a refund of
$26,424.
Complaining of the IRS's "idiocy," Ms. Niesen said: "The
questions to open 'Get Transcript' can easily be obtained through a
credit report, and obviously many people check your credit."
The IRS said it would contact the 104,000 taxpayers whose
information was compromised, as well as the 100,000 for whom
attempts were unsuccessful. The first group will be offered credit
monitoring, while the second will be warned that thieves have their
personal information.
Frank Abagnale, a noted cybersecurity expert, suggests that
victims remain wary for years. "Stolen identities are like fine
wine: the older they are, the more valuable they are. These
identities will be kept and used years from now to perpetrate
fraud," he says. (As a young man, Mr. Abagnale was convicted of
fraud-related crimes and served time in French, Swedish, and U.S.
prisons. His early life was portrayed in the film "Catch Me If You
Can.")
He also cautioned that the organized criminal groups likely
behind the ID thefts probably wouldn't use it for credit-card
fraud, which could be easily detected by credit monitoring.
"Instead, they will use stolen identities to file for government
benefits such as Medicaid and SNAP in states where the true
identities don't reside—so the fraud will never appear on
a credit report," he said.
Sen. Orrin Hatch (R., Utah), the chairman of the Senate Finance
Committee, Wednesday asked for a private briefing from the IRS
concerning the breach.
The IRS believes the hackers were from Russia, according to a
congressional aide familiar with the matter. The agency wouldn't
comment on the geographic origins of the attack.
John D. McKinnon contributed to this article.
Write to Laura Saunders at laura.saunders@wsj.com
Access Investor Kit for Green Dot Corp.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US39304D1028
Subscribe to WSJ: http://online.wsj.com?mod=djnwires