top tax vendors caught red-handed selling private taxpayer data

taxslayer, h&r block and taxact have been passing on sensitive personal and financial data to meta, google and other big tech companies.

by 卡塔尔世界杯常规比赛时间 research

q: since when did private tax returns become public information?

a: since some of the nation’s biggest tax preparers decided to share it.

more cybersecurity: jon baron: why the u.s. must act now to protect our online privacy |top tax vendors caught red-handed selling private taxpayer data | how hacker-proof is your firm? | it takes a village to stop cybercrime | one-third of cyber attacks involve small businesses | cyber insurance costs rise in health care as attacks soar | the why, what and how of cybersecurity for accountants | when cyber-crime hits close to home | cybersecurity for tax professionals |

more tax: irs embracing stakeholders | coming soon: new ways to pay the irs | irs sets milestones for radically new service | irs promises 12 customer service initiatives | should tax preparers be certified competent? | irs has big plans for its $80 billion | can’t irs tax pro accounts do more? | taxpayer assistance centers need upgrade
exclusively for pro members. log in here or 2022世界杯足球排名 today.

for all your concerns about protecting client information, it seems that taxslayer, h&r block and taxact have been passing on sensitive personal and financial data to meta, google and other big tech companies.

among the tax return data shared:

• names of taxpayers
• names of dependents
• street and email addresses
• phone numbers
• genders
• filing status
• adjusted gross incomes
• refund amounts
• indications of deductions and exemptions
• indications of types of income, such as rental and capital gains
• poorly occluded social security numbers

the federal trade commission has determined that the information was sufficient for big tech to create detailed dossiers on tens of millions of american taxpayers.

according to an investigation opened by senators elizabeth warren, ron wyden, richard blumenthal, tammy duckworth, bernie sanders and sheldon whitehouse and representative katie porter, the tax prep firms were “shockingly careless with their treatment of taxpayer data” and acted with “stunning disregard for taxpayer privacy.”

q: what’s the difference between tax season and harvest season?

a: not much.

a new u.s. senate probe reveals how big tax prep harvests data with computer code known as pixels.

for years, pixels – specifically meta pixel and google analytics – have been inserted into tax prep webpages for the purpose of gleaning information and passing it on to meta and google.

the tax prep companies claim that the use of pixels is “ubiquitous” and “common industry practice,” but the investigators say that “it is particularly reckless for online tax preparation websites to use them on webpages where tax return information is entered unless further steps are taken to ensure that the pixels do not access sensitive information.”

the “further steps” are often inadequate, the report explains. for example, social security numbers are “hashed” to make them unidentifiable. but anyone with modest tech skills can “unhash” the numbers and link them to individuals and their financial data.

q: what’s synonymous with anonymous?

a: none of us.

the report found that:

• the use of pixels to harvest and share data is extensive. and it isn’t just meta and google. taxslayer deployed pixels from cloudflare, commission junction, episerver, heap, infotrust, innovid, medallia, microsoft, verizon and youtube.
• the tax prep industry shared sensitive data, including income data, from tens of millions of taxpayers. this included taxact sharing information for those using its irs free file service.
• shared data was not truly anonymous. specifics can be unhashed. email addresses can be matched with those on file at meta and google. google analytics pixel code can be reconfigured to collect unobscured information. data from a tax return can be linked to a user’s web browsing history.
• data-sharing practices were irresponsible. taxslayer implemented meta pixel without understanding its functionality, and taxact and h&r block knew but chose to implement it anyway. meta refused to respond to requests about the final disposition of data.
• sharing data with meta and google was potentially illegal. it’s complicated, but according to the report, the tax preparers often offered inadequate disclosures and did not obtain valid taxpayer consent. illegal disclosure is subject to a fine of $1,000 per violation and a prison term of up to one year.

q: what’s $1,000 times tens of millions?

a: if you have to ask, you can’t afford it.

conclusion

the report called for immediate investigations by the department of justice, the internal revenue service, the treasury inspector general for tax administration and the federal trade commission, with liable actors to be duly prosecuted.

the senators and representatives also called for the tax code to be simplified to the point where tax preparers are unnecessary and for the irs to follow through on its program to offer free online tax preparation service that is not linked to private tax preparers.

 

 

posted on july 19, 2023