Equifax Breach Allows Regular Hackers To Expand Their Reach
On Good Friday, as I was baking my Easter Bread, I received a frantic call from an old friend in Pittsburgh. Natalia (not her real name) received a letter in the mail from the Social Security Administration (SSA) thanking her for setting up her Social Security Account online. The problem was, she never did. Earlier in the week, when she and her husband attempted to file their income tax return electronically, the submission was denied by the IRS, as somebody had already filed an income tax return for 2017 using Natalia’s social security number. She was understandably desperate for advice on what to do next.
Equifax Data Breach & Its Implications
The Equifax breach, which occurred between May and July of 2017, may have been the source of Natalia’s problems. The breach impacted as many as 143 Million people in the US, plus others in Canada and the UK. Credit card numbers of over 200,000 Americans were breached, as well as “personal identifying information” of 143,000 Americans.
When this breach was announced, many were concerned about the “normal” identity fraud problems: fraudulent credit cards, auto loans, or even mortgages being opened up in their names. In addition, ID theft artists are getting better at filing fraudulent tax returns using stolen social security numbers to claim “refunds” of the withholding of their victims before the victims file their own tax returns. Many of Natalia’s co-workers have experienced this problem over the past 4 years.
The big surprise that has surfaced after the Equifax breach is that some of the devious con artists are now filing for social security benefits using the stolen numbers. This approach works best if the person whose identity was stolen was at least 62 years old (the earliest you can collect retirement benefits), still working, but not yet collecting. Those not yet collecting social security would not know if someone had tapped their account and was receiving their monthly benefit. Also, it would be very easy for these folks to discard a letter from the SSA (like the one Natalia received) thinking it was junk mail or one of those annual benefit estimate statements. On the contrary, if a retiree who was already collecting retirement benefits was a victim of this scam, they would likely notice a missing monthly payment immediately and would contact the SSA.
Therefore, a person who is at least age 62 but still working is the perfect target for this scam. I have read a number of reports over the past 3 months of this occurring. One Michigan resident received a double whammy. In 2017, somebody filed for and collected social security benefits using his number. In January of 2018, he received a SSA-1099 from the SSA for the amount the con artist collected, so now the IRS is looking for him to report the Social Security income and pay any tax due on his 1040!
Natalia’s Problem Resolution
Natalia spoke with the SSA, he shared with Natalia that this scam actually happened to him personally! He deleted Natalia’s online account, so going forward, Natalia will need to appear at her local Social Security office and take care of any business in person, and she will never have an online SSA account. She alerted her bank and credit card companies that her information had been breached, and pulled and reviewed her credit reports from all three credit bureaus. They were all clean, but she is monitoring her reports regularly and has signed up for a credit monitoring service. She also reported the identity theft to the Federal Trade Commission at https://www.identitytheft.gov/ and was instructed to report the incident to the local police. Finally, Natalia and her husband are working directly with the IRS on the fraudulent filing and they will file a paper return.
Identify theft is never pleasant to deal with. Nobody likes even a “mild” breach involving a stolen credit card number. However, this new scheme of targeting Social Security benefits is especially disturbing, as it targets what a person has accrued throughout their entire work history. If you are of eligible Social Security age (62 or over) and you are still working, pay particular attention to any correspondence you receive from the SSA. You may want to proactively establish your online SSA account using their enhanced security to sign up. Better yet, you may want to emulate Natalia’s approach and set up your relationship with SSA the old-fashioned way…in their offices. It is not as convenient as setting it up online, but at least you can proactively protect yourself against this new threat.