At a glance.
- Cyber scammers prey on potential breach victims.
- Washington State University involved in third-party data breach.
- Lawmakers call for investigation into illegal sharing of tax prep data.
Cyber scammers prey on potential breach victims.
Data breaches are on the rise all over the US, which means it’s becoming increasingly commonplace for individuals to receive notification letters informing them their data has been compromised. KOAA News 5 warns that scammers are taking advantage of this by disseminating their own fraudulent breach letters in the hopes of tricking recipients into handing over their private information. One victim explained she received a notice from a company called Reventics stating that she and her family had been impacted in a breach. “They gave me this story about how all of our stuff was out there on the dark web and we needed to give them all our information and make profiles and they would protect our information for a year,” the victim states. “At first I thought it was another scam or something you know?” While Reventics did in fact suffer a breach earlier this year, experts say it’s still a good idea to verify the validity of a breach before sharing personal info. Adah Rodriguez at the Better Business Bureau of Southern Colorado warns, ”Because the scammers have found out about this large data breach they then take advantage of it. They send mailers out to thousands of consumers that may not even use this company claiming your information has been compromised providing a phone number or link or website and they want you to go there and give up your personal information.”
Washington State University involved in third-party data breach.
Washington State University (WSU) in the US has disclosed that staff and student data were exposed in the data breaches of several third-party vendors including National Student Clearinghouse (NSC) and the Teachers Insurance and Annuity Association (TIAA). KHQ news reports that WSU relies onNSC for enrollment and degree verification services as well as student loan management and personally identifiable information of current and prospective students are shared with NSC to complete their work. Although the article does not say so, it’s possible the breaches are connected to the mass-hack of the MOVEit file transfer application, as TIAA has confirmed previously that its systems were impacted in that attack.
Lawmakers call for investigation into illegal sharing of tax prep data.
Following a months-long probe that reportedly revealed "outrageous, extensive and potentially illegal sharing of taxpayers’ sensitive personal and financial information with Meta by online tax preparation companies," Senate Democrats are urging the US Department of Justice to conduct further investigation. The officials, who include Senators Elizabeth Warren, Ron Wyden, Richard Blumenthal, Tammy Duckworth, Bernie Sanders, and Sheldon Whitehouse have submitted a letter to the Internal Revenue Service, the Treasury Inspector General for Tax Administration, the Federal Trade Commission, and the Department of Justice detailing the findings, which indicate that the tax prep companies in question shared the tax return data of millions of taxpayers with tech firms including Meta and Google. "The findings of this report reveal a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms that appeared to violate taxpayers’ rights and may have violated taxpayer privacy law," the letter states. "Relevant enforcement entities – including the IRS, the Treasury Inspector General for Tax Administration (TIGTA), the Federal Trade Commission (FTC) and the Department of Justice (DOJ) should fully investigate this matter and prosecute any company or individuals who violated the law." Although the companies claimed that the shared data was anonymized, experts say it could be aggregated to create profiles on individuals to be used for purposes like targeted advertising. H&R Block, one of the tax companies in question, told Fox Business, "H&R Block takes protecting our clients’ privacy very seriously, and we have taken steps to prevent the sharing of information via pixels.” When asked for comment, a Google spokesperson stated, “We have strict policies and technical features that prohibit Google Analytics customers from collecting data that could be used to identify an individual. Site owners – not Google – are in control of what information they collect and must inform their users of how it will be used. Additionally, Google has strict policies against advertising to people based on sensitive information."