A security bug has been spotted on Florida's Department of Revenue website, which may have exposed hundreds of tax filers' sensitive data. These include their bank accounts and Social Security numbers. The bug allowed users to see, modify, or delete personal data, which can all be achieved just by changing the link details that lead to a taxpayer's application number. All that's needed is to log in and modify the digits in the link.
Has This Been Resolved?
According to the department's representative, Bethany Wester, it has already been resolved. It took four days before it was fixed, seeing as it was reported back on October 27th. Kamran Moshin, a researcher who discovered the flaw, said that there were around 713,000 applications in the site's pipeline, as mentioned in Engadget.
Wester claimed that there were no signs that attackers exploited the bug, although she did not mention how officials determined if there was sensitive data stolen. The potential victims that were affected by the flaw have already been contacted and were offered free credit monitoring for a year.
What If My Social Security Number Was Stolen?
There are certain steps you can take to avoid any further damage. It's important that you do this as soon as you can. If you believe that your SSN has been stolen, report the theft to the proper authorities, like the FTC and the police. You might want to take action to make sure that no one steals your identity as well.
If a threat actor accessed your Social Security number, they might be able to file a tax return in your name. They could also file for unemployment or government benefits using your SSN. You'll be filling out forms and given instructions for a recovery plan. If your identity was stolen, you'd fill out Form 14039, which is the identity theft affidavit.
To minimize risk, you may also freeze your credit. This will prevent threat actors from opening new accounts or applying for loans using your SSN. You can unfreeze your credit anytime, and it won't affect your credit score at all. If you decide to freeze your credit, make sure you do this with all the bureaus like Experian, TransUnion, and Equifax.
If there are no signs of fraud yet you are wary of attacks, you can just file a fraud alert on your credit report, according to Experian. The fraud alert will urge businesses to verify your identity before offering credit. This will not affect your credit score and will apply to all three bureaus after reporting it to one.
In the event that a fraudster did use your SSN, you should contact the companies or agencies involved. That way, they can take measures to make sure that the threat actor won't do any more damage. Regularly check your Social Security Statement in order to monitor whether or not there are suspicious activities.
What If My Bank Information Was Stolen?
The best thing to do first is to freeze all your accounts, whether it's credit or debit. The next thing to do is to contact your bank immediately and file an identity theft report. You will also need to change your pins and passwords so the threat actor won't be able to open it. Check for irregularities in your account and report them to your bank immediately.