H&R Block acknowledged last week that it had mailed unsolicited packages, containing their TaxCut software, to former customers early in December and that some of these packages had the former client’s social security number (SSN) embedded in the source code on the mailing label, CIO-today.com news reports. This kind of software mailing is a common marketing practice in many industries, according to WTVQ.com in Lexington, Kentucky.
H&R Block’s spokesperson, Denise Sposato said in a statement quoted by WTVQ, “We believe the exposure of a recipient’s social security number embedded within 47 numbers and characters was limited to the recipient alone.”
Tracy Lowman, who received the free software in the mail, described the label to WTVQ.com saying, “Oh the first letter I come to is HRB. The next is clearly a string of numbers that’s the same as a social security number with an underscore, and then a year.”
The error affected 3 percent of a mailing, Sposato said. She did not reveal the total size of the mailing, or the number of people affected, CIO-today reports. Sposato did say that the “breach is completely contrary to our established procedure. We do not buy Social Security numbers as part of the mailing lists that we purchase, and we do not sell Social Security numbers.”
H&R Block has sent out mailings, by first-class mail, to all of the people affected by the security breach, advising them to check their credit reports for the nest year, and recommending the use of three credit agencies that will not charge them for the service, CIO-today.com says.
Social Security numbers are used by nearly every government agency to identify taxpayers and are used as “personal ID numbers” by state governments, employers and businesses. The difficulty in changing an individual number makes them a prime target for identity thieves, according to Martin Bosworth, writing for ConsumerAffairs.com.
In December, the Internal Revenue Service (IRS) published proposed guidance on the disclosure or use of tax return information by tax return preparers, on their web site, IRS.gov. “A key principle underlying the proposed guidance is that tax return preparers may not disclose or use tax return information for purposes other than tax return preparation without the knowing, informed and voluntary consent of the taxpayers,” the proposed guidance says.
To minimize identity theft, the IRS recommends in Minimizing Identity Theft that individuals protect their SSN’s by not carrying them, and by not giving the number out unless absolutely necessary. “Ask why the SSN is needed and if other types of identifiers can be used.” Make sure your employer is protecting your number, and if you do not do your own tax return, “be careful in choosing you tax preparer – as careful as you would be in choosing a doctor or a lawyer.”