[This is actually nothing new. I don't remember any ransomware-style
attacks but, when I used to work for the Kentucky Department of Revenue,
just about every year there would be a preparer or two who got hacked. It
was usually at a time the fraudster knew they would have a lot of returns
ready to transmit and, often, the preparer would not know it had happened
until taxpayers started calling them (or us) wondering where their refunds were.
The fraudster would file their returns, changing only the direct deposit information so the refund went them instead of the taxpayer. -- Mike]
Hackers are targeting taxpayers as they file - here's what to look for
Date:
Tue, 30 Dec 2025 16:30:00 +0000
Description:
Russia-linked actors are targeting tax firms in the US, stealing highly sensitive data
FULL STORY
CSA Tax & Advisory, a local accounting and tax firm from Haverhill, Massachusetts, reportedly suffered a ransomware attack at the hands of a Russia-linked ransomware gang. The group, calling itself Lynx, added CSA to
its data leak site recently, saying it also stole sensitive data from US taxpayers.
CSA is yet to confirm or deny the breach, so whether or not Lynxs claims are legitimate, remains to be seen.
Still, the group shared a data sample on its site, and researchers from Cybernews claim it contains peoples full names, Social Security Numbers
(SSN), postal addresses, spousal health care coverage agreements, invoices, individual income tax return data , IRS e-file signature authorization forms, and internal corporate correspondence.
How the data could be abused
If confirmed, the breach would be quite serious, since it would be full identity and financial compromise - putting victims at risk of identity theft and fraud.
At the individual level, SSNs combined with postal addresses and tax return data can result in complete identity theft. Criminals can open credit cards, take out loans, file fraudulent tax returns to claim refunds, and pass
identity checks at banks, lenders, and government services. Because SSNs dont expire, the damage can persist for years.
Tax-specific documents like IRS e-file signature authorization forms can also be abused to submit fraudulent tax filings, redirect refunds, or alter
filings before the victim notices.
Victims can end up in months long disputes with the IRS to prove they were victims of fraud. Spousal health care coverage agreements can lead to
insurance fraud and extortion. Attackers can use this information to submit fake insurance claims, impersonate policyholders with insurers, or threaten
to expose sensitive family or medical-related details - so there is a serious and measurable danger for those exposed (if the breach occurred).
Crooks can also use the data to target businesses with social engineering, business email compromise (BEC), or financial fraud.
Internal emails can reveal workflows, approval chains, and trust
relationships, which cybercriminals can abuse to great extent. In such scenarios, businesses would be looking at regulatory penalties, mandatory breach notifications, lawsuits, loss of client trust, and potential professional liability claims. In the US, exposure of SSNs and tax data often triggers state breach laws, IRS scrutiny, and possible FTC action.
Via Cybernews
======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-are-targeting-taxpayers-as-they -file-heres-what-to-look-for
$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/105)