IRS BreachIt’s getting harder and harder to trust the federal government when it comes to protecting data, as shown by recent massive data breaches within both the Office of Personnel Management (OPM) and the IRS. Unfortunately, the IRS breach that was announced nearly a year ago seems to be following the same pattern as the OPM breach. Both breaches were initially announced with much smaller numbers of citizens affected than actually were, and both released statements far later to let people know. The lag in disclosure means that more people were compromised than realized for months on end, and while it’s true that much of the potential damage was probably done before the breaches were first discovered, the gap in knowledge is certainly scary. If the government itself can’t be trusted to employ the highest security standards and catch intrusions before they become massive data disasters, who can you trust?

IRS breach actually exposed more than 700,000 people

Following a nine-month investigation that looked back to the launch of the “Get Transcript” application at the heart of the IRS breach, the agency announced on Feb. 26 that it had determined an additional 390,000 accounts were potentially accessed during the time period of Jan. 2014 through May 2015. This brings the overall total of affected taxpayers to as many as 724,000 — a huge increase from the initial estimation of 100,000 in May 2015 (which was updated in Aug. 2015 to more than 300,000). Although the “Get Transcript” application was only online for two years, it is clear from these findings that it was a security risk for its entire existence — which is certainly not the kind of news that instills any faith in the ability of the IRS to keep taxpayer information secure online.

The IRS image hasn’t been helped at all by other security issues, such as an intrusion discovered within the past month of its Electronic Filing (E-file) PIN application as well as a Federal Trade Commission press release that indicated tax fraud was at the heart of a 47% spike in identity theft over the past year. Public perception of the government’s ability to keep them — and their data safe — is low, especially in light of current events like the ongoing spat between the FBI and Apple which has the potential to undermine the privacy many of us take for granted.

Is there anything I can do to protect myself?

Unfortunately, what complicates the recent IRS breaches is that the intrusions into the system were achieved by hackers who possessed taxpayer data obtained elsewhere — meaning, the social security numbers and other information used to access prior tax returns and other data came from other security breaches. Given the high frequency of data breaches over the past couple of years across a huge variety of industries, it’s hard to tell exactly where this data was obtained, especially since it’s likely most people have been exposed in more than one breach recently. As a result of this deluge of data breaches, it can be easy to become overwhelmed and possibly even numb to the real dangers they pose to victims’ identities and credit scores. Here are a couple of key points to remember:

1. Pay attention to who’s contacting you and how. Whenever a breach like this occurs, generally the company that was breached will notify those affected by letter through postal mail. It is unusual for notification to occur via another method, such as email or phone call. Keep in mind, phishing and phone scams tend to pop up surrounding large-scale data breaches as scammers try to take advantage of customer confusion. If you are contacted, remember that it is highly unlikely any personal data will be required and you are almost never going to be made to give over your credit card or banking account information to take advantage of any credit or identity theft monitoring provided to you after a breach.

It is worth noting, however, that most of the free monitoring offered will require some basic information such as your social security number and birth date in order to verify your identity if you choose to sign up. Knowing how to ensure you’re using a secure website is one key to preventing yourself from being taken advantage when attempting to cash in on your complimentary offer.

2. Most complimentary monitoring doesn’t cut it. While it is certainly a nice gesture, and one that has become the standard response to a security breach, the truth is that companies rarely offer customers a complimentary credit or identity theft monitoring service that is up to snuff. Usually, the weakness in the free monitoring — aside from the fact that it will eventually come to an end — comes from the fact that few monitor all three credit bureaus or provide you with access to your credit reports and scores. Since not all creditors report to all three bureaus (in fact, most of them don’t), you are potentially missing out on changes that could indicate your identity is being misused. You can circumvent this by taking matters into your own hands — either by signing up for an identity theft protection service on your own dime or taking the no-longer-so-drastic measure of freezing your credit reports entirely.

Identity theft is an issue that seems to be never-ending, and it’s distressing to see how lax the security is for institutions we are supposed to be able to trust, such as our healthcare companies or the government itself. Paying attention to your own credit as well as taking care to make smart security decisions as you go about your daily life are the best lines of defense you can take at this point in time.