Are You a Victim of Identity Theft? re: IRS Data Breach
Thursday, February 18, 2016

I recently learned from the IRS (via computer generated Form 5071C sent by “snail” mail) that I am the victim of identity theft.  I guess I was one of the 464,000 individuals whose names and Social Security Numbers were recently stolen from the IRS’ database.  What a feeling of violation and disruption! To make matters worse, this is the second time in two years my identity has been stolen and someone has attempted to file a fraudulent tax return claiming a refund (which I definitely know is not true nor due).

So, I went to the secure Identity Verification Service website at irs.gov to verify my identity and let the IRS know that it was not me who filed the fraudulent return.  This is where the story gets interesting.

The IRS website leads you through a list of questions that, at best , can be described as a test of memory with multiple choice answers (none of which may be correct) and, at worst, a trip down ancient memory lane requiring deductive reasoning to guess the right answer (or just incorrectly answer).

Here’s an example:  “How long did you live at 123 Main Street with [your ex-wife]?” First of all, I have not spoken or heard from my ex-wife in over 26 years.  Second, any memory of our existence was erased by my 25+ year marriage to my second wife. Third, the answers given in the multiple choice “exam” may or may not have been correct, since the IRS does not know that my ex-wife and I were separated for a period longer than the period stated in the publicly filed divorce decree (i.e., the period of separation merely had to state a period longer than one year to qualify for no-fault divorce).  So, was the IRS’ question based upon public documents, such as the divorce decree, or actual information that only my ex and I knew?  Fortunately, I answered the question correctly, by pure luck.

The next question threw me for a loop.  IRS: “In what year was your house at 123 Main Street built”?  I barely remember when the house was sold since it was almost 20 years since I lived in that house, and they are asking me when the damn house was built?  I should have thought more resourcefully and looked it up online (you can find out this information through Zillow and other online resources), but if the website “times out”, you are locked out and cannot continue with the online interview.  So, running out of time, I guessed – incorrectly – and was locked out of the website anyway.

Now the fun begins.  If you cannot verify your identity online, you are forced to join the legions of others who also blew their online quiz, and wait for phone lines at the IRS to open up.  I tried for three hours this morning to contact the IRS at the designated number, only to get a computer-generated voice message saying there were too many people trying to call, so call back later (please)!  Finally, I connected by telephone, only to be forced to wait in the cue for another 45 minutes (the wait time was announced to be 7-11 minutes).

When I finally connected with Mrs. Jones (not her real name), she rattled off her badge number and proceeded to ask me a series of increasingly difficult questions. “Good Lord,”, I thought, “this is worse than the CPA exam and bar exam combined!” At one point, not knowing whether I would answer the question correctly (even though the IRS letter expressly states that you should have a copy of your prior year tax return, your current year tax return if you filed one, and any supporting documents, such as your W-2, and nothing more), I asked Mrs. Jones what would happen if I answered the question incorrectly.  She responded dryly, “You will have to visit the local IRS office with two forms of identification to verify who you are.”  When I tried to I joke with her that this would make a great Wall Street Journal editorial, she told me to just answer the questions or she would terminate the call.

I sobered up and continued with the personal exam (more like a prostate exam, than a professional exam).  Mrs. Jones, now with the gloved, upper hand, quipped, “in what state was your Social Security Number issued?”  She read the list of choices.  None of the choices included the place of my birth, which is where I assumed the card was issued.  Rather, using more deductive reasoning, I guessed the correct place and we moved on, adding a few more, unwanted editorial comments.  Next question:  “To whom do you pay your current home mortgage?”  I finally got a question I knew and blurted out the answer.  She scolded me for interrupting her scripted dialogue, so I let her finish.  None of the choices matched exactly what I knew to be the correct answer. I told her that the information she read is inaccurate; she said “just answer the question.”  Again, I guessed and selected the closest (but incorrect) response, and somehow gained entry into the stratified air of those who passed the personal exam.  It probably would have been less stressful and taken less time just take off from work and wait in line for hours with hundreds of others at my “local IRS office.”

Having gone through this exercise once before (when the IRS was hacked in 2015), I know that this is just the beginning of my security nightmare.  In the coming days, I will receive further notification from the IRS with more information about what to do to protect my identity from being further pilfered (as a result of our government’s lax security) and how to file my tax returns for 2015 manually, among other things.  I will spend myriad hours trying to remedy damage created by somebody else through our government’s lack of diligence, by contacting local and other federal authorities and taking renewed precautions, only to be told that there is nothing really that can be done to fix the problem.

Ironically, I have NEVER filed online with the IRS for myself or any client for the very reason that the security measures taken to protect our identities are insufficient and antiquated. I also have never complained in writing publicly about anything having to do with our government or its gaffes (even on social media), but this is the proverbial straw that broke this camel’s back.

Editorial: We need better systems – to protect our identities and to remedy the damage caused by breaches of our security if our identities are compromised.  As citizens and taxpayers, we should not sit idly by, while hackers invade our privacy and steal our futures by gaining access to antiquated and unprotected systems.  Something must be done now, immediately.  The government needs to take action.  Citizens need to elect a government that will take action.

I hope you do not experience the theft of your identity, but if you do, I will be available to guide you through the nightmare that awaits or at least commiserate and await the next hack attack.

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins