Better Protections Wanted In Wake Of Tax Office ID Theft
Better Protections Wanted
In Wake Of Tax Office ID Theft
HARTFORD â Attorney General Richard Blumenthal is urging the Department of Revenue Services (DRS) to take stronger measures to protect more than 100,000 Connecticut taxpayers at risk of identity theft because of a stolen laptop, as well as make major changes to a contract with a private firm hired to help shield consumers.
In a letter to Department of Revenue Services (DRS) Commissioner Pam Law, Mr Blumenthal said that DRS should:
*Provide taxpayers with free âcredit freezesâ in addition to the âcredit alertsâ proposed by DRS. Credit freezes afford far greater protection from identity theft than credit alerts.
*Cover the cost of credit protection for two years instead of one.
*Provide each taxpayer at least $25,000 in identity theft insurance instead of the proposed $5,000.
*Protect taxpayers against risks of misuse of confidential financial information given to Debix One, Inc (Debix), an identity theft warning service hired by DRS, and stop automatic renewals at each taxpayerâs expense of the Debix service.
Mr Blumenthal asked DRS to change numerous provisions of its contract with Debix, including the absence of any prohibition on the company retaining and selling a Connecticut taxpayerâs information.
âDRS is offering taxpayers a security blanket when they need financial body armor,â the attorney general said. âThe DRS proposal fails to provide real protection on three counts: Itâs not long enough, itâs not strong enough, and itâs not secure or sure enough. The agencyâs proposal is riddled with risks â soft spots and shortcomings.â
Best Protections Required
âDRS should meet the same standard of protection â or even higher â that we have asked and received from private companies when security breaches occur,â the attorney general said. âThe DRS proposal falls short, leaving taxpayers exposed to identity thieves. Consumers need a firewall â a freeze on loans and lines of credit to identity thieves â not just an alert. They need protection for two years, not just one. They need real insurance, not the pittance offered. They need protection against misuse of confidential, private financial information they give to Debix.
âCredit freezes lock down credit and lock out identity thieves by prohibiting information releases necessary for new loans or credit. A freeze literally freezes out identity thieves, stopping access to information needed to pillage credit ratings and ruin lives.
âDebix must assure that consumer information is kept confidential and taxpayers are not tricked into expensive contract extensions. Consumers should not surrender ownership of personal financial information for protection against identity theft. I will work with DRS to provide consumers the highest level of protection possible, while reviewing policies and procedures to eliminate the likelihood of future breaches.â
DRS has proposed helping the more than 100,000 taxpayers affected by the security breach establish and maintain âcredit alertsâ on their accounts at the nationâs three credit rating agencies for a year. The agency has hired Debix to automatically renew fraud alerts every 90 days and call taxpayers whenever someone attempts to open an account in their names â a service normally provided under an alert only when the consumer is a previous victim of identity theft.
Credit Freezes Demanded
Mr Blumenthal called such assistance inadequate standing alone. He said that DRS should reimburse for âcredit freezesâ â which afford a far greater level of protection â along with the Debix service. Under a credit freeze, credit rating agencies are prohibited from releasing any information without a consumerâs express permission, making identity theft virtually impossible. Consumers must pay fees whenever they freeze or unfreeze their credit, costs Mr Blumenthal said the state should pick up for two years.
Mr Blumenthal called on DRS to provide the same level of protection to victims of security breaches as private companies. The Hartford Insurance Company, for example, provided free credit freezes after similar security breaches, while Pfizer extended credit protection for two years.
Mr Blumenthal said that DRS must make major revisions to its proposed contract with Debix, including:
*Requiring Debix to keep confidential all information about Connecticut taxpayers and to destroy such information when the service expires.
*Eliminating a provision providing for automatic renewal unless the consumer tells Debix he or she wishes to cancel. The provision may violate state laws restricting automatic renewals, Mr Blumenthal said.
*Eliminating a requirement that disputes be settled in Texas courts.
*Requiring Debix to allow more than one consumer to use a single e-mail address.
*Clarifying terms governing state payments to the company.