FTC Advice On How To Deal With Equifax Hack: Er... Race The Hackers To Filing Your Taxes Before They Do
from the what-the-actual-fuck dept
So, yes, by now you know all about the whole Equifax hack and how really, really terrible it is. Lots of sites have been posting various stories about what you should do about it, when the truth is you really can't do much. A lot of people are likely going to deal with an awful lot of bad stuff almost entirely because of this leak by Equifax. Not surprisingly, the FTC has weighed in with some suggestions, most of which won't actually help very much. Most of them are the standard suggestions everyone's giving -- including checking your credit reports, putting a credit freeze on your files and basically watching very closely to see if you're fucked over by whoever has access to these files.
But the FTC's very last suggestion is the one I wanted to focus on today. It's basically "um, well, maybe try to file your tax returns early next year, so you beat hackers trying to do the same?"
File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
As someone who has been a victim of someone filing fake tax returns to try to get your refund, it's a really shitty process to go through. The problem here, though, is the whole setup of our tax system, which makes it pretty damn easy for someone to fake your tax returns -- now made even easier thanks to this breach. If the FTC really wanted to help, it should be pushing for a complete overhaul of how tax filing works, such that merely knowing your Social Security Number and address isn't enough to file tax returns in your name. Among the many problems here, it starts with the idiotic idea that we use SSNs as an identity tool -- but there's also the fact that we continue to have the IRS force every American to play a guessing game with their taxes just to keep tax prep companies like Intuit and H&R Block happy.
I recognize that the FTC isn't directly in a position to fix this, but the fact that it's best suggestion is "race the hackers to filing your tax returns and hope you get there first" should highlight just how totally fucked up our income tax system is in the US.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ftc, hackers, social security numbers, tax returns
Companies: equifax
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
This is an excellent idea. However, it gets into the government issued id card area that many people are strongly against. I'm for it but, I don't know if it could be made to happen.
[ link to this | view in chronology ]
Don't forget the laws squashed to prevent this
[ link to this | view in chronology ]
Re: Don't forget the laws squashed to prevent this
[ link to this | view in chronology ]
Re: Re: Don't forget the laws squashed to prevent this
[ link to this | view in chronology ]
Re: Re: Don't forget the laws squashed to prevent this
Equifax is no different than most other big data companies. While their revenue depends on consumer data, the companies that they cooperate with will want deniable plausibility and to get the advantages the big data company provides. The consumers rights can stomp hay.
As soon as big data and company A sees a benefit in each others services, legal, smeagol and ethics goes out with the baby and the bathwater. Some of the least moral big data companies are funding hackers by buying their data and may even facilitate hackers with vectors to infect and inject.
[ link to this | view in chronology ]
Re: Re: Re: Don't forget the laws squashed to prevent this
[ link to this | view in chronology ]
Re: Re: Re: Re: Don't forget the laws squashed to prevent this
https://www.equifax.com/personal/identity-theft-protection
[ link to this | view in chronology ]
The IRS needs to be prepared
[ link to this | view in chronology ]
Social Security Numbers
Equifax and the FTC aren't to blame for this. The IRS and Prosecutors and big businesses are to blame for Social Security Numbers being so vitally important and insecure.
Social Security Numbers were invented by the IRS to track who was who in their system. The IRS never expected them to be used by anyone but themselves, and never made the numbers all that secure because of that.
It's actually ILLEGAL for most businesses to ask you for your social security number, and to use it as a unique identifier for you in their databases. Only businesses that need to report your income to the IRS (like the company you work for, and a bank or investment firm) should have a real reason to know what your social security number is. Anything beyond that is scope creep, and is ILLEGAL under the law.
But, this is where Prosecutors and Big Business screwed things up. Big Businesses thought using Social Security numbers to identify customers in their database was a great idea. And prosecutors didn't enforce the laws against doing that, and so now Social Security numbers have become an insecure national ID in effect.
[ link to this | view in chronology ]
Re: Social Security Numbers
I find your statement difficult to believe. Are you positive it was the IRS who devised and implemented the SSN?
https://www.ssa.gov/policy/docs/ssb/v69n2/v69n2p55.html
[ link to this | view in chronology ]
Is that even possible ?
[ link to this | view in chronology ]
Re: Is that even possible ?
They can try to get your tax return (if you are getting one) before you do. Dunno if they can just make up stuff. There are also some people that owe or that have non-trivial income. Not sure they want to spoof those people.
Fake accounts are probably a bigger problem.
[ link to this | view in chronology ]
Re: Re: Is that even possible ?
A tax return is what you send to the IRS.
[ link to this | view in chronology ]
They're welcome to file my taxes...
[ link to this | view in chronology ]
Re: They're welcome to file my taxes...
Funny how that works.
[ link to this | view in chronology ]
A Simple Fix
Forms pertaining to tax withholding (W-2's, Form 1099, K-1, etc.) shall be given an additional number, a random number peculiar to that form, that employer, that taxpayer, and that year, in addition to the existing numbers, and this number shall be reported to the taxpayer and the IRS in the usual way, and the tax-payer shall copy it into his tax return. There will need to be fairly minor modifications of the tax schedules to allow inserting the passwords, but there is plenty of time to do that. It's only September.
The IRS can work with the state Departments of Motor Vehicles. The DMV checks not only paperwork, but also biometrics. It knows things off the birth certificate like the name of the obstetrician. The DMV finally confirms the address of an identity-holder by snail-mailing the card-- with instructions not to forward it.
When you file a change of address with the Post Office, they sensibly send paper notices-- by snail-mail-- to both the old and new address. I think you can file a change of address on the internet. I filed mine by physically going in to the post office. The IRS can always send out refund checks by snail-mail. This will be rather hard on the tax preparation companies, which make money on Refund Anticipation Loans, at more or less usurious interest. No matter, they will find a way to solve their problem.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Response to: Anonymous Coward on Sep 12th, 2017 @ 1:02pm
[ link to this | view in chronology ]
Far to often we hear the battlecry of to much regulation is making it hard for business!!!
Ummm, if we had a law demanding a basic level of security from the big black boxes that gather & hold all sorts of details that can allow someone to ruin your life... they might have had 25 cents less in dividends.
The "response" from them has been laughable, their new url to check looks like a phishing domain, the site has holes that were patched in the code... YEARS AGO. The pins are based on the date & any name & any number combination results in the yep you got hacked response. They moved to sell off stock before the price tanked & consulted legal to add wording to try and deflect any legal attack on them fucking a giant portion of the country.
No one gives a shit about us, we are just commodities to be exploited. We vote for the right soundbites, our web browsing is collected & sold to sell us more. Our data is for sale (or the taking) to say if we are a good credit risk based on mystical metrics using data not verified in reality, but they become the reality even when they are wrong. They decide you credit score is 300 because someone typoed a name... to fucking bad for you. You have to invest a huge amount of time & effort into doing the job for the data miners.
But then this is the country thats running ads on TV that NEXT Year they are sending out new Medicare cards... without Social Security numbers on them. But we spend more time fighting over how to build a wall or sneak in legislation to allow politicians to get even more dark untraceable money.
We have a fucked system, because those with the money own those who are supposed to care about our best interests.
[ link to this | view in chronology ]
Scammed if you do, scammed if you don't...
[ link to this | view in chronology ]
https://www.youtube.com/watch?v=Erp8IAUouus
[ link to this | view in chronology ]
The Big 3 are going to make money off of this
What would be interesting to see happen is to have the FTC step in and ban them from making money thru exploitation of a situation that the credit bureaus created themselves. I'm not holding my breath.
[ link to this | view in chronology ]
Re: The Big 3 are going to make money off of this
The more you think about it, the more important it seems to be needed to add further consequences for data-leaking and reducing the scope of each leak. Wtih the overall issues of the sector, I wouldn't mind a government regulated market akin to title II/utilities, with a restriction on the size of the stack handled by each cell.
[ link to this | view in chronology ]
SSN
I really don't know who initiated that change but it may have been with a law that required them to not use SSN. Of course back then there was no Internet, a laptop was 30 lbs. monochrome display and we couldn't see what would happen to our privacy.
[ link to this | view in chronology ]