How to Make Sure Someone Doesn’t Steal Your Tax Refund

Identity thieves filed 787,000 fraudulent returns in 2016. Here's how to make sure it doesn't happen to you this year.

Americans taxpayers are too lax about identity theft, according to a poll from CyberScout.

A survey conducted by the data security and identity protection firm found more than half of Americans aren’t worried about tax fraud, despite federal reports showing identity thieves filed 787,000 fraudulent returns in 2016, which adds up to more than $4 billion in fraud.

The survey also found that only 35% of taxpayers ask their preparers to use two-factor authentication (which is stronger than a single password) to protect their information. On top of that, only 18% use an encrypted USB drive to save tax documents that contain sensitive information. When it comes to choosing a tax preparer, 50% of respondents said they chose their tax preparers online, didn’t screen them beforehand or weren’t sure how to evaluate a tax preparer at all. CyberScout said this puts consumers at risk of getting scammed. Finally, more than half (51%) of taxpayers expecting refund checks in the mail don’t use a locked mailbox.

These findings come from a nationally representative survey of more than 1,500 Americans aged 18 and over commissioned by CyberScout, using Google Consumer Survey.

“In tax season, it is crucial that everyone remain vigilant and on high alert to avoid tax-related identity theft or phishing schemes,” said Adam Levin, founder and chairman of CyberScout and author of “Swiped.” Levin is also the co-founder of Credit.com.

How Taxpayers Can Protect Themselves

Tax season is one of the busiest times for identity thieves, but there are steps taxpayers can take to protect themselves. Here’s what CyberScout recommends:

  • Use a password-protected Wi-Fi connection when filing your taxes. Use a long and complex password — not just for your Wi-Fi but also for any accounts you’re using during the tax-filing process.
  • Get your return via direct deposit. If you must receive a return check via mail, have it sent to a locked mailbox.
  • Ask your tax preparer to use two-factor authentication to protect your documents and personal information.
  • Use an encrypted USB drive to save sensitive tax documents.
  • Never give information to anyone who contacts you by phone or online claiming to be from the IRS. The IRS will never contact you this way.
  • Monitor your accounts and online identity for any signs that your identity has been stolen. For example, if you see a sudden, unexpected change in your credit scores, it could indicate your identity has been stolen. You can easily get a look at your credit by using our free credit report snapshot, which is updated every 14 days.

The IRS also keeps taxpayers updated on the latest scams on its website. In most cases, if it sounds too good to be true, it probably is. You can find some more tips for avoiding common tax scams here.

Image: jacoblund 

The post How to Make Sure Someone Doesn’t Steal Your Tax Refund appeared first on Credit.com.

3 Tax Scams You Need to Watch Out For

Becoming a victim of a tax scam is not only frustrating and expensive, it could get you in trouble with the IRS.

In the early 60s, Roger Maris and Mickey Mantle hit a remarkable number of home runs including a famous back-to-back four-bagger, which according to Yogi Berra was the reason he famously quipped, “It’s déjà vu all over again.” While spring training is still a few weeks away, we’re in the thick of a tax season, where legions of scammers are swinging for the back wall.

According to the IRS, there was a 400% increase in phishing and malware incidents during the 2016 tax season. With the April 15 filing deadline still feeling as far away as the Green Monster from home plate in Fenway Park, Yogi Berra’s other dictum — it ain’t over till it’s over — was never more true.

My book “Swiped: How to Protect Yourself in a World Full of Phishers, Scammers and Identity Thieves” goes into great detail about the various tactics cyber criminals use to lure you, but the most important thing you can do to keep yourself scam-free this tax season is educate yourself on the most prevalent risks out there.

As ever the best (yet pretty boring) advice is to file your taxes as early as possible. Tax-related identity theft is primarily aimed at grabbing your tax refund, and scammers are creative, sophisticated, persistent, and move very quickly once your information is in hand. Armed with your Social Security number, date of birth and a few other pieces of your personally identifiable information, which if you have been involved in a data breach (you can check here to see warning signs and view two of your credit scores for free on Credit.com) is likely available on the dark web, they are off to log on to motels’ Wi-Fi networks, bunny-slippered feet resting comfortably on coffee tables, furiously filing fraudulent tax returns online.

Here are some other things to bear in mind as the tax season is upon us:

1. Phishing

There is no bigger threat. Phishing was recognized as a word by the Oxford English Dictionary more than 10 years ago, which is the main reason I thought of Yogi Berra’s déjà vu quip. By now it is a home truth that there are phishers out there. Catfishing is a regular part of the popular imagination, and phishing emails hit our inboxes with the same regularity as the various promotional emails we get from retailers and media outlets.

Phishing emails take many forms, but they are most commonly pointed at getting enough of your personally identifiable information to commit fraud in your name (identity theft). They also commonly contain a link that places malware on your computer. These programs can do a variety of things (none of them good), ranging from recruiting your machine into a botnet distributed denial of service attack to placing a keystroke recorder on your computer to access bank, credit union, credit card and brokerage accounts to gathering all the personally identifiable information on your hard drive.

Here’s what you need to know: The IRS will never send you an email to initiate any business with you. Did you hear that? NEVER. If you receive an email from the IRS, delete it. End of story. Oh, and they will never initiate contact by way of phone call either.

That said, there are other sources of email that may have the look and feel of a legitimate communication that are tied to other kinds of tax scams.

2. The Criminal Tax Preparation Scams

You learned how to do homework in school for this reason: Not all tax preparers are the same and you must vet anyone you’re thinking about using well before handing over a shred of your personally identifying information. Get at least three references, check online if there are any reviews and call them.

Here’s why: At this time of the year, tax prep offices that are actually fronts for criminal identity theft tend to pop up around the country in strip malls and other properties and then promptly disappear a few days later. Make sure the one you choose is legit!

3. Shady Tax Preparation

Phishing emails may not be aimed at stealing your personally identifiable information or planting malware on your computer. They may be simply aimed at getting your attention and business through enticing (and fraudulent) offers of a really big tax refund. While these preparers may get you a big refund, it could well be based on false information.

Be on the lookout for questions about business expenses that you did not accrue, especially watching out for signals from your preparer that you are giving him or her a figure that is “too low.”

Other soft-cons of shady tax preparation include inflated deductions, claiming tax credits to which you are not entitled and declaring charitable donations you did not make. Bottom line here: We’re all connected these days, and chances are you will get caught, so just make sure you are working with someone who follows the instructions (yes, they’re complicated, and that’s why it’s not a bad idea to get help).

As Yogi Berra said, “You can observe a lot by watching.” Tax season is stressful without the threat of tax-related identity theft and other scams. It’s important to be vigilant, because, to quote Yogi all over again, “If the world were perfect, it wouldn’t be.”

Image: RonTech2000

The post 3 Tax Scams You Need to Watch Out For appeared first on Credit.com.

How to Scam-Proof Your Taxes

Here's how to avoid tax return fraud in 2017.

Happy New Year, it’s tax fraud season again!

This may not be what you want to hear this week, but it is entirely possible the Internal Revenue Service already has your tax return for 2016. If this is news to you, and it turns out to be true in your case, you’ve been scammed. As a result, your refund could be sent to an identity thief in a few weeks, and it’s unlikely anything can stop that from happening.

Unfortunately, tax refund fraud is a reality for a whole lot of Americans. It is caused by the tidal wave of useable data that has already been (or soon will be) stolen by hackers and flows from embarrassingly shoddy information security practices at the public and private enterprise level and among individual taxpayers.

Before you throw in the towel, there are some things you can do to decrease your attackable surface when it comes to this form of identity theft. First of all, remember that opportunities abound for crooks everywhere. The most obvious places: in wallets (people still carrying Social Security cards and other forms of identification that include SSNs — think Medicare Cards — that can be used by scammers), on computers (protected by weak passwords or connected to insecure networks), and on smartphones susceptible to malware and phishing attacks.

I know what you’re thinking: “None of this pertains to me.” Wrong.

If your Social Security number pops up in the tax-fraud lottery, you can forget about the 21-day turnaround time that the IRS has to get you your money. While the dispute process is a lot better than it used to be — due entirely to the fact that tax refund fraud has been increasing at a breakneck clip — if you “get got,” expect at least a six-month wait (and that’s assuming everything goes OK).

Imagine for a moment that your Social Security number has been among those 120 million leaked in one of the countless data breaches reported in 2015 (remember, still more have almost certainly occurred that have not come to light yet). Now bear in mind that the best advice to avoid becoming a tax refund fraud statistic is to file your tax return as soon as possible and hold your breath.

Safeguards for 2017

As part of its December “National Tax Security Awareness Week,” the IRS announced new safeguards. They come in the form of “trusted customer features,” which “will not be visible to taxpayers” and include measures to strengthen the authentication that a tax return is being filed by the real taxpayer and extending more identity theft protections to business filers and individuals.

According to the IRS, more than 20 states are working to create a program to flag suspicious refunds before being deposited into taxpayer accounts, and the Form W-2 Verification Code initiative will expand to 50 million forms in 2017, from 2 million in 2016. Progress, if not perfection?

There is something else besides these IRS initiatives that remains invisible to the taxpayer, and that is when their Social Security number, and possibly even more of their personally identifiable information, is used by a criminal to steal a tax refund.

The IRS is getting proactive this year. People claiming an earned income or additional child tax credit will be the most affected, with the 21-day period allowed for refunds being extended so that the IRS can take precautions and be as sure as possible that they are not paying out refunds based on fraudulent claims.

The Tax Fraud Basics

As I detail in my book, Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, there are some things you should always bear in mind to scam-proof yourself.

Hang up!

If you get a phone call from the “IRS,” hang up. It doesn’t matter what your caller ID says. Spoofing a number is not a terribly difficult project for someone working an IRS phone scam. The actual form this scam takes depends on the person running it. The caller might give you a badge number. He or she might even have your Social Security number, or the last four digits of it.

The caller may threaten you with jail time. They may know details about you. It may seem real. But again, if you get a call like this, hang up and dial the IRS at 800-829-1040. Bear in mind that recent budget cuts mean you will probably be in a caller queue for the better part of an hour, only to be told there is no one who can talk to you about your issue.

Or just bear this in mind: The IRS will never initiate contact you by phone. If they do, believe me, it’s not them — it’s a scam.

Phishing

Do you know what’s even more unlikely than the IRS calling to threaten you with jail time? I’ll save you a guess: getting an email from the IRS.

The IRS only contacts taxpayers via the U.S. Postal Service. While it may feel strange, should an email from the IRS arrive in your inbox, don’t reply. Trash it. And do the same with any other request for your information that comes by way of email — even if it’s legitimate. Many companies and organizations have terrible data hygiene practices. Get on the phone and provide what’s asked for (assuming you make the call and are in control of the conversation).

Crooked Accountants and Other Miscreants

If someone promises you a ginormous tax refund — bigger than anything your accountant could get you — run.

This particular variety of bottom-feeding fraudster — a fake accountant, essentially — subsists on a steady diet of elderly clients and low-income filers. A few hallmarks of phony filers include: asking you to sign an incomplete tax return; refusing to sign the tax return themselves; or refusing to provide you with a copy of the return filed in their name. Another common strategy is directing the refund to the fraudulent filer’s bank account. From there, the scammer either skims a huge fee (also known as stealing money) or they just keep the entire refund.

You Are Who You Hire

It can be great to hire someone to prepare your taxes (as roughly 60% of taxpayers do). It takes a lot of the guesswork out of the equation. That is, of course, unless the “professional” you hire is engaging in guesswork. Are you sure the person preparing your taxes is an accountant or at least works with one they can consult? When it comes to choosing a tax preparer, there should be zero guesswork. Hire someone you’ve thoroughly checked out, and who has three solid references — at least one of them coming from someone you trust.

Why? Well, whatever they do, you do. Your signature goes on the return, and if there are fraudulent items in it, you’re the one who could wind up in prison.

As IRS Commissioner John Koskinen said during National Tax Security Week, “We all have an important role to play in protecting against identity theft and refund fraud.” Right now, the best protection against fraud remains early filing.

Remember, if you’ve been the victim of a scam, don’t shrug it off. You can check for signs of fraud — these include mysterious addresses and a sudden drop in your credit scores — by viewing two of your credit scores, updated every 14 days, for free on Credit.com.

Image: Tempura

The post How to Scam-Proof Your Taxes appeared first on Credit.com.

Watch Out for Fake Turbo Tax Emails

credit report errors

Scammers are targeting taxpayers by sending TurboTax customers fake emails designed to steal people’s personal and account information, according to a Feb. 4 announcement by Intuit, the parent company of the do-it-yourself tax software.

Intuit said the email mimicks the company’s brand and tells recipients they need to confirm their accounts. Here’s what part of the email says, according to a screenshot on Intuit’s website.

“Some information on your account appears to be missing or incorrect! Please confirm your information promptly so you can continue to enjoy all the benefits of your TurboTax account. If you don’t confirm your information, we’ll limit what you can do with your TurboTax account.”

The email is a phishing attempt — phishing tricks people into handing over sensitive information to thieves, usually by imitating a trusted company — and it’s well-timed. Many people have already filed or are about to start the process of filing their taxes, which could motivate concerned customers to make sure their TurboTax accounts are up to date.

If you look closely, the email has hallmarks of a phishing scam: There are some typos, and when you hover over the “Sign in to TurboTax” button in the email, it’s clear the URL is not legitimate. Always be careful about clicking on any emails that ask you to share account or financial details. Doing so could cause you some serious headaches.

Depending on the information people share, the thieves can commit a variety of serious offenses, from credit card fraud to identity theft. Taxpayer identity theft is obviously a concern in this scenario, because giving a thief your tax-software credentials could allow them to file a fraudulent tax return and delay your refund. You can protect yourself from taxpayer identity theft by filing your tax return as soon as possible, before someone with your personal information beats you to it.

Intuit is asking that anyone who receives these emails not click on any links or open attachments, send a copy to spoof@intuit.com and then delete the email. As always, it’s important to monitor your credit for signs of identity theft, especially after encountering something suspicious. (You can do so by pulling your credit reports for free each year at AnnualCreditReport.com and viewing your credit scores for free each month on Credit.com.)

More on Identity Theft:

Image: iStock

The post Watch Out for Fake Turbo Tax Emails appeared first on Credit.com.

Identity Theft Complaints Are Up 47% in Just One Year

credit report errors

Reports of identity theft shot up in 2015, largely driven by an increase in tax- and wage-related fraud, according to the Federal Trade Commission. People made 490,220 identity theft complaints to the FTC in 2015, up from 332,647 (a 47% increase) in 2014 and 290,102 in 2013.

From 2014 to 2015, there were 51% more complaints related to tax and wage identity theft, which isn’t all that surprising. All thieves need is a Social Security number — say, one that got stolen in one of the many data breaches from recent years — to file a fraudulent tax return. Through November 2015, the IRS reports it has stopped 1.4 million identity theft returns (preventing about $8 billion in fraudulent refunds), but an audit of the IRS found that it lost $5.8 billion to such fraud in 2013.

There’s likely a gap between the incidents reported to the FTC and the actual number of identity-theft occurrences in the U.S., and it’s unclear if the remarkable rise in reports is a result of more identity theft, more people reporting or a combination of both.

Regardless, the figures send a clear message: Identity theft is a common and growing problem. What’s worse: It’s really difficult — some say impossible — to prevent. There are steps you can take to minimize your risk of becoming an identity theft victim, like filing your taxes as early as possible and minimizing the amount of information you share with others. Freezing your credit report can also keep fraudsters from opening up fake accounts in your name, an action that can make a mess of your credit.

When prevention isn’t an option, rapid detection can make all the difference in containing the damage. Sudden changes in your credit scores can be a sign of identity theft (you can see two free credit scores every 30 days on Credit.com), and you’ll want to regularly review your free annual credit reports for errors. Identity theft has, unfortunately, become a common occurrence, so one the best things you can do to protect yourself is know how to respond if it happens to you. Identity theft victims can file reports with the local authorities, notify their creditors and the credit bureaus and filing a complaint with the FTC, among other things. They’ll also likely need to dispute any errors they find on their credit reports. You can DIY your credit dispute process, which can be done online or via the mail, or you can hire someone like a credit repair company to do it for you.

More on Identity Theft:

Image: iStock

The post Identity Theft Complaints Are Up 47% in Just One Year appeared first on Credit.com.

2015: The Year in Data Breaches

crawl space

Every year at about this time, technology reporters typically recount the big computer crimes from the past 12 months and proclaim “The Year of the Hacker” or some such moniker. This year, it fits.

Two years ago, the Target hack ushered in a new era of credit card theft awareness and ultimately helped inspire a big change in the way Americans use plastic. But as we all know, theft of credit and debit card information has a limited impact on consumers (fraud liability generally falls to the merchant or financial institution, if reported in a timely fashion).

On the other hand, theft of Social Security numbers, health care data and even fingerprints, by the millions … well, that’s a much bigger big deal. And that’s what U.S. consumers faced in 2015.

Data theft has moved far beyond credit card fraud. Today, millions of Americans have to live with the fact that agents acting allegedly on behalf of a foreign government now hold their SSNs and fingerprints — identity markets that are difficult, if not impossible, to change. And loss of that data makes them vulnerable, potentially, forever. That’s the real story of 2015.

A More Personal Breach

“This year proved once again the breaches have become the third certainty in life because the bad guys have proven they are more persistent, creative and increasingly sophisticated than the good guys,” Adam Levin, co-founder of Credit.com and author of new book, Swiped, which chronicles the extent of the ID theft problem, said. “While consumers, government and business are more aware of the issues, there is still a lack of understanding as to what needs to be done, resistance to allocate the proper resources to do what needs to be done and countless legacy systems that impede our ability to do what needs to be done.”

The Identity Theft Resource Center says there were 750 announced data leaks in 2015, and all tallied, 178 million records were lost or stolen. Also a headline from 2015: hackers’ new focus on healthcare data. Nearly 122 million healthcare records were stolen during 264 reported breaches, the most of any industry, the ITRC says. Government records were the second most commonly stolen — 24 million in 59 leaks. Comparatively speaking, the 5 million records lost in 69 leaks by the financial industry seems small.

The year in hacking got off to a fast start, when health insurance provider Anthem Inc. revealed it had been hacked in early February. Ultimately, the firm said that up to 80 million consumers were impacted. There were plenty of reports blaming China for the attack. While hack “attribution” is often an inexact science and the FBI rarely makes its conclusions public, it wouldn’t be the final allegations against Chinese hackers.

Nor would it be the last major health data hack. A month after Anthem’s announcement, Primera Blue Cross revealed that hackers stole data on 11 million consumers. There were plenty of reports that the same hackers were involved in both incidents, meaning the Chinese government might have been involved, but again, the allegations were denied by China and clear evidence was never made public.

Then, the big one hit.

Hackers Hit Home

In June, the Office of Personnel Management — Uncle Sam’s Human Resources department — revealed it had been hacked and 4 million government employees were at risk. Later, the number was raised to 18 million. Then 21.5 million. And the at-risk pool was expanded to former government workers and potentially anyone who had been used as part of an federal employee background check. Stolen data ranged from Social Security numbers to security clearance information to, in 5.6 million cases, fingerprints. Once again, reports blamed Chinese hackers. Once again, the culprits remain at large.

The hacking incident dominated tech headlines for months, and the federal government is still notifying victims. Meanwhile, all these alleged China-led hacker attacks became a major topic of discussion when President Obama and Chinese President Xi Jinping met in September. The two world leaders announced the U.S. and China wouldn’t attack each other through the Internet, though many security firms are skeptical the announcement had any real impact.

It certainly had little impact on computer criminals trying to gain illegal access to large consumer databases. Only a few weeks later, in October, T-Mobile revealed that its credit check provider Experian had been hacked and 15 million consumers were put at risk.

Meanwhile, big numbers aren’t the only reason consumers should be concerned. Smaller hacks can have a bigger impact, depending on the data that’s been leaked. The IRS “Get Transcript” service was hacked this year, and eventually, the agency had to reveal in August that criminals accessed more than 300,000 taxpayers’ accounts. Given the focused nature of the attack and the precise data stolen – old tax returns – victims are at serious risk for full-blown identity attacks.

Also this summer, password-storing service LastPass announced that criminals had gained access to encrypted passwords belonging to potentially 7 million users. The thieves still faced the uphill battle of cracking the password file’s encryption, so the incident was not quite the disaster it sounded like at first. Still, consumers were told to change master passwords immediately, and were put on notice once again about the fragility of seemingly safe computer systems in the 21st century.

More Big Breaches Ahead?

No doubt, 2016 will bring even more cautionary tales.

“As breaches have become the third certainty in life and the identity theft that flows from them is the new norm, businesses and consumers need to follow the 3Ms: minimize the risk of exposure, monitor and manage the damage,” Levin said. “Business leaders need to shore up their cyber defenses by instituting data segmentation, encryption, employee training on security protocols and penetration testing. Consumers need to remain vigilant and adopt a culture of self-monitoring. They should check their accounts on a daily basis, sign up for transactional monitoring from their bank and use long and strong passwords that don’t repeat across accounts.”

Just about every consumer involved in all these hacks received some kind of free credit monitoring offer. They are always worth accepting, but it’s important to know that credit monitoring can offer only limited protection against identity theft. In the end, consumers are ultimately responsible for discovering ID theft themselves. The best way to do that is regular monitoring of credit reports through AnnualCreditReport.com and use of a free credit score tool like the one provided by Credit.com.

More Money-Saving Reads:

Image: iStock

The post 2015: The Year in Data Breaches appeared first on Credit.com.

2015: The Year in Data Breaches

crawl space

Every year at about this time, technology reporters typically recount the big computer crimes from the past 12 months and proclaim “The Year of the Hacker” or some such moniker. This year, it fits.

Two years ago, the Target hack ushered in a new era of credit card theft awareness and ultimately helped inspire a big change in the way Americans use plastic. But as we all know, theft of credit and debit card information has a limited impact on consumers (fraud liability generally falls to the merchant or financial institution, if reported in a timely fashion).

On the other hand, theft of Social Security numbers, health care data and even fingerprints, by the millions … well, that’s a much bigger big deal. And that’s what U.S. consumers faced in 2015.

Data theft has moved far beyond credit card fraud. Today, millions of Americans have to live with the fact that agents acting allegedly on behalf of a foreign government now hold their SSNs and fingerprints — identity markets that are difficult, if not impossible, to change. And loss of that data makes them vulnerable, potentially, forever. That’s the real story of 2015.

A More Personal Breach

“This year proved once again the breaches have become the third certainty in life because the bad guys have proven they are more persistent, creative and increasingly sophisticated than the good guys,” Adam Levin, co-founder of Credit.com and author of new book, Swiped, which chronicles the extent of the ID theft problem, said. “While consumers, government and business are more aware of the issues, there is still a lack of understanding as to what needs to be done, resistance to allocate the proper resources to do what needs to be done and countless legacy systems that impede our ability to do what needs to be done.”

The Identity Theft Resource Center says there were 750 announced data leaks in 2015, and all tallied, 178 million records were lost or stolen. Also a headline from 2015: hackers’ new focus on healthcare data. Nearly 122 million healthcare records were stolen during 264 reported breaches, the most of any industry, the ITRC says. Government records were the second most commonly stolen — 24 million in 59 leaks. Comparatively speaking, the 5 million records lost in 69 leaks by the financial industry seems small.

The year in hacking got off to a fast start, when health insurance provider Anthem Inc. revealed it had been hacked in early February. Ultimately, the firm said that up to 80 million consumers were impacted. There were plenty of reports blaming China for the attack. While hack “attribution” is often an inexact science and the FBI rarely makes its conclusions public, it wouldn’t be the final allegations against Chinese hackers.

Nor would it be the last major health data hack. A month after Anthem’s announcement, Primera Blue Cross revealed that hackers stole data on 11 million consumers. There were plenty of reports that the same hackers were involved in both incidents, meaning the Chinese government might have been involved, but again, the allegations were denied by China and clear evidence was never made public.

Then, the big one hit.

Hackers Hit Home

In June, the Office of Personnel Management — Uncle Sam’s Human Resources department — revealed it had been hacked and 4 million government employees were at risk. Later, the number was raised to 18 million. Then 21.5 million. And the at-risk pool was expanded to former government workers and potentially anyone who had been used as part of an federal employee background check. Stolen data ranged from Social Security numbers to security clearance information to, in 5.6 million cases, fingerprints. Once again, reports blamed Chinese hackers. Once again, the culprits remain at large.

The hacking incident dominated tech headlines for months, and the federal government is still notifying victims. Meanwhile, all these alleged China-led hacker attacks became a major topic of discussion when President Obama and Chinese President Xi Jinping met in September. The two world leaders announced the U.S. and China wouldn’t attack each other through the Internet, though many security firms are skeptical the announcement had any real impact.

It certainly had little impact on computer criminals trying to gain illegal access to large consumer databases. Only a few weeks later, in October, T-Mobile revealed that its credit check provider Experian had been hacked and 15 million consumers were put at risk.

Meanwhile, big numbers aren’t the only reason consumers should be concerned. Smaller hacks can have a bigger impact, depending on the data that’s been leaked. The IRS “Get Transcript” service was hacked this year, and eventually, the agency had to reveal in August that criminals accessed more than 300,000 taxpayers’ accounts. Given the focused nature of the attack and the precise data stolen – old tax returns – victims are at serious risk for full-blown identity attacks.

Also this summer, password-storing service LastPass announced that criminals had gained access to encrypted passwords belonging to potentially 7 million users. The thieves still faced the uphill battle of cracking the password file’s encryption, so the incident was not quite the disaster it sounded like at first. Still, consumers were told to change master passwords immediately, and were put on notice once again about the fragility of seemingly safe computer systems in the 21st century.

More Big Breaches Ahead?

No doubt, 2016 will bring even more cautionary tales.

“As breaches have become the third certainty in life and the identity theft that flows from them is the new norm, businesses and consumers need to follow the 3Ms: minimize the risk of exposure, monitor and manage the damage,” Levin said. “Business leaders need to shore up their cyber defenses by instituting data segmentation, encryption, employee training on security protocols and penetration testing. Consumers need to remain vigilant and adopt a culture of self-monitoring. They should check their accounts on a daily basis, sign up for transactional monitoring from their bank and use long and strong passwords that don’t repeat across accounts.”

Just about every consumer involved in all these hacks received some kind of free credit monitoring offer. They are always worth accepting, but it’s important to know that credit monitoring can offer only limited protection against identity theft. In the end, consumers are ultimately responsible for discovering ID theft themselves. The best way to do that is regular monitoring of credit reports through AnnualCreditReport.com and use of a free credit score tool like the one provided by Credit.com.

More Money-Saving Reads:

Image: iStock

The post 2015: The Year in Data Breaches appeared first on Credit.com.