TZUTC: -0500   
   MSGID: 1899.consprcy@1:2320/105 2dba6fa8   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
    [This is actually nothing new.  I don't remember any ransomware-style   
   attacks but, when I used to work for the Kentucky Department of Revenue,   
   just about every year there would be a preparer or two who got hacked.  It   
   was usually at a time the fraudster knew they would have a lot of returns   
   ready to transmit and, often, the preparer would not know it had happened   
   until taxpayers started calling them (or us) wondering where their refunds   
   were.   
      
    The fraudster would file their returns, changing only the direct deposit   
   information so the refund went them instead of the taxpayer. -- Mike]   
      
   Hackers are targeting taxpayers as they file - here's what to look for   
      
   Date:   
   Tue, 30 Dec 2025 16:30:00 +0000   
      
   Description:   
   Russia-linked actors are targeting tax firms in the US, stealing highly   
   sensitive data   
      
   FULL STORY   
      
   CSA Tax & Advisory, a local accounting and tax firm from Haverhill,   
   Massachusetts, reportedly suffered a ransomware attack at the hands of a   
   Russia-linked ransomware gang. The group, calling itself Lynx, added CSA to   
   its data leak site recently, saying it also stole sensitive data from US   
   taxpayers.    
      
   CSA is yet to confirm or deny the breach, so whether or not Lynxs claims are   
   legitimate, remains to be seen.    
      
   Still, the group shared a data sample on its site, and researchers from   
   Cybernews claim it contains peoples full names, Social Security Numbers    
   (SSN), postal addresses, spousal health care coverage agreements, invoices,   
   individual income tax return data , IRS e-file signature authorization forms,   
   and internal corporate correspondence.   
      
   How the data could be abused    
      
   If confirmed, the breach would be quite serious, since it would be full   
   identity and financial compromise - putting victims at risk of identity theft   
   and fraud.    
      
   At the individual level, SSNs combined with postal addresses and tax return   
   data can result in complete identity theft. Criminals can open credit cards,   
   take out loans, file fraudulent tax returns to claim refunds, and pass   
   identity checks at banks, lenders, and government services. Because SSNs dont   
   expire, the damage can persist for years.    
      
   Tax-specific documents like IRS e-file signature authorization forms can also   
   be abused to submit fraudulent tax filings, redirect refunds, or alter    
   filings before the victim notices.    
      
   Victims can end up in months long disputes with the IRS to prove they were   
   victims of fraud. Spousal health care coverage agreements can lead to   
   insurance fraud and extortion. Attackers can use this information to submit   
   fake insurance claims, impersonate policyholders with insurers, or threaten    
   to expose sensitive family or medical-related details - so there is a serious   
   and measurable danger for those exposed (if the breach occurred).    
      
   Crooks can also use the data to target businesses with social engineering,   
   business email compromise (BEC), or financial fraud.    
      
   Internal emails can reveal workflows, approval chains, and trust   
   relationships, which cybercriminals can abuse to great extent. In such   
   scenarios, businesses would be looking at regulatory penalties, mandatory   
   breach notifications, lawsuits, loss of client trust, and potential   
   professional liability claims. In the US, exposure of SSNs and tax data often   
   triggers state breach laws, IRS scrutiny, and possible FTC action.    
      
    Via Cybernews    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/hackers-are-targeting-taxpayers-as-they   
   -file-heres-what-to-look-for   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426