U.S. Tax Returns, Identity Theft and H&R Block
by: Shawn K. Hall and Annette M. Hall
Updated: April 1, 2011
What you don’t know could hurt you
You simply can’t be too careful these days, so you do your best to protect your personal data.
- You purchased a crosscut shredder and never put anything with your name, address, phone number or social security number in the trash until it’s been through chewy.
- You update your computer software regularly.
- Regularly run virus and spyware protection software on your computer.
- You don’t sign the back of your credit cards but instead you write “See ID.”
- You have a credit report ran at least once a year as recommended by credit experts.
So, you’re safe right?
Despite your best efforts to protect your family members from identity theft, the entire situation could be well out of your hands and the situation is sure to get worse before it gets better.
55 Million Americans at Risk for ID Theft
According to a USA Today report made last week, last year was the worst ever for computer security breaches. At least 130 security breaches put more than 55 million Americans at risk for ID theft last year.
The Arizona Daily Star reports: “Big companies suffered significant data losses last month that could have a big impact on individuals. Last week, the time-share unit of Marriott broke the news to 206,000 employees and customers that key personal data, such as Social Security numbers and credit card numbers, went missing after backup computer tapes disappeared from an Orlando office.”
Identity Theft News
These stories are just the tip of the iceberg. In the past couple of years the situation has spiraled out of control. Only a handful of states even have mandatory notification laws requiring companies who have suffered a lost of data to notify their customers. This means that if your local dentists office has their computer stolen, with all of your medical and personal records on it, you may or may not be told of the breach.
According a story in The Journal News: In March 2005, ChoicePoint, a Georgia-based information broker, revealed that the personal data of hundreds of thousands of Americans in all 50 states had been compromised. The revelation came only because a California law required customer notification of data theft.
We can expect the situation to continue to worsen due not only to computer theft and dishonest employee’s but also, due to the increased amount of personal information being outsourced to foreign countries like India.
Your Personal Tax Return
According to Kansas City Business Journal – H&R Block has about 25 percent of its work force in Kansas City and about 1,000 employees in India. Block claims that its work force in India is better educated than its work force in the United States. Block’s India operation scores better than its equivalent U.S. operations on measures of efficiency and customer satisfaction, Ernst said, and the company’s workers in India do their jobs for about one-fifth the amount its U.S. workers get paid.
In another USA Today article published in February of 2004, we learn “tax experts say Indian chartered accountants – the subcontinent’s version of certified public accountants (CPAs) – will prepare 150,000 to 200,000 returns this year (2004), up from about 20,000 in 2003.”
Folks, when you have someone prepare your tax return, you are putting a great deal of faith in that individual or company. They will have access to not only your income and expenses but your address, social security number, phone number and even your children’s names and date of birth.
Speaking Social Security Numbers, the following letter went out last week from H&R Block, Kansas headquarters to select clients. Apparently, someone made a huge mistake. So far this blunder has somehow been kept out of the news. The company is claiming there is nothing to worry about but… well I’ll let you be the judge.
Dear Customer,
Recently we mailed you a free copy of our TaxCut software. We believe that this complimentary software will meet your 2006 tax preparation needs, based on our prior experience with you as an H&R Block client. We hope that you will try TaxCut and find it to be a great solution for filing your next tax return.However, since we sent you this CD, we have become aware of a mail production situation that has affected a small percentage of recipients, including you. Due to human error in developing the mailing list, the digits of your social security number (SSN) were used as part of your mailing label’s source code, a string of more than 40 numbers and characters. Fortunately, these digits were embedded in the middle of the string, and they were not formatted in any manner that would identify them as an SSN.
Nevertheless, we sincerely apologize for this inadvertent error, which is completely inconsistent with out strict policies to protect our clients’ privacy. Our internal policies limit the use of client SSNs for purposes other than tax preparation. Furthermore, our internal procedures require that mailing source codes are formulated in a manner that excludes use of any sensitive or confidential information. Please know that we have conducted a thorough internal review of this matter, and are taking actions to ensure this does not re-occur.
Again, please understand that the digits of your SSN were embedded in the middle of a lengthy source code, and they were not formatted in a manner that identifies them as an SSN. As a result, we believe that exposure of your SSN digits was limited to you alone, since you are the only person who would recognize their significance. Nonetheless, we suggest that you destroy the wrapper and mailing label of the free TaxCut CD we sent you. If you would like more information about this incident, please visit www.taxcut.com/answers, a special Website that contains additional details and an e-mail link for contacting us with your questions.
On behalf of more than 100,000 associates of H&R Block, allow me to apologize for this unfortunate situation. Through 50 tax seasons, H&R Block has earned a reputation as a valued, trustworthy ally to our clients, and we sincerely hope that you will find the free TaxCut CD and our information packed taxcut.com Website to be helpful tools for the 2006 tax filing season.
Sincerely,
Tom Allanson
Senior Vice President & General Manager
H&R Block Digital Tax Solutions
4400 Main Street Kansas City, MO 64111
www.taxcut.com
I wonder if anyone is going to inform Mr. Allanson that this “lengthy” source code is only 40 digits, and an SSN is nine digits. All it would take is one person to figure out where their own SSN was placed within this “lengthy” string and then they can abuse the data for every other string they see (perhaps that is why many of the disks were never received?) Coincidence? I think not.
I also wonder if Mr. Allanson is aware that Social Security Numbers meet certain numerical pattern methods that would facilitate extrapolating the SSN even if the attacker did not know where the number began within this “lengthy” string.
But I guess I expect too much from the guy selected to write the corporate spin.
It’s a moot point.
Of course it’s bad press to be caught exposing this information about your customers to anyone who wants to look at your mail. It’s bad form to have this information available in plain sight. That’s a given. And we should be outraged. But in the long run, this is small potatoes from a company that is known to offshore this same information to locations in India where the information is collected and processed by foreigners with no relationship with our government. They can’t even be punished if they choose to collect and abuse the information for themselves.
That’s a horrible thought, isn’t it? All of your business, residential, major expenses and income details being sent to someone who is paid far less than what a 16 year old in the US would make flipping burgers. What is tying these people to the ethical standards we hold our own citizens to? Oh, don’t forget that the institutions “training” these staff have repeatedly been called for assisting or enabling students to cheat their way through college exams. Sure, that’s ethical.
But it’s not like they’d actually exploit or sell this information, is it? Well, actually, yes. It is. If a call center worker in India can collect and sell details on a thousand bank accounts, where the information would be far more limited than what a tax consulting agency would provide, no lack of potential for abuse exists.
That’s okay. You can excuse yourself from the whole situation by just not using H&R Block, TaxCut and other services that offshore your data, right? Not exactly.
The problem is grossly exacerbated by the fact that US Government-related organizations, like the RNC, have elected to offshore their data as well, including everything from donations to affiliation. And the government (as you can see with the Truth in Taxation hearings) doesn’t believe it needs to answer to We The People. That makes it even harder to enforce data collection and sharing laws imposed on corporations like H&R Block.
I guess it still boils down to the same simple solution from generations ago. Our nations founders believed that the further away from you the authority was placed, the less it could provide any local value. If you’re willing to let anyone – H&R Block, TaxCut, the RNC, or even Uncle Sam, collect information about you, our finances or your habits, you are giving them the opportunity to exploit you. And they will.