TZUTC: -0500
MSGID: 1899.consprcy@1:2320/105 2dba6fa8
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
 [This is actually nothing new.  I don't remember any ransomware-style
attacks but, when I used to work for the Kentucky Department of Revenue,
just about every year there would be a preparer or two who got hacked.  It
was usually at a time the fraudster knew they would have a lot of returns
ready to transmit and, often, the preparer would not know it had happened
until taxpayers started calling them (or us) wondering where their refunds
were.

 The fraudster would file their returns, changing only the direct deposit
information so the refund went them instead of the taxpayer. -- Mike]

Hackers are targeting taxpayers as they file - here's what to look for

Date:
Tue, 30 Dec 2025 16:30:00 +0000

Description:
Russia-linked actors are targeting tax firms in the US, stealing highly
sensitive data

FULL STORY

CSA Tax & Advisory, a local accounting and tax firm from Haverhill,
Massachusetts, reportedly suffered a ransomware attack at the hands of a
Russia-linked ransomware gang. The group, calling itself Lynx, added CSA to
its data leak site recently, saying it also stole sensitive data from US
taxpayers. 

CSA is yet to confirm or deny the breach, so whether or not Lynxs claims are
legitimate, remains to be seen. 

Still, the group shared a data sample on its site, and researchers from
Cybernews claim it contains peoples full names, Social Security Numbers 
(SSN), postal addresses, spousal health care coverage agreements, invoices,
individual income tax return data , IRS e-file signature authorization forms,
and internal corporate correspondence.

How the data could be abused 

If confirmed, the breach would be quite serious, since it would be full
identity and financial compromise - putting victims at risk of identity theft
and fraud. 

At the individual level, SSNs combined with postal addresses and tax return
data can result in complete identity theft. Criminals can open credit cards,
take out loans, file fraudulent tax returns to claim refunds, and pass
identity checks at banks, lenders, and government services. Because SSNs dont
expire, the damage can persist for years. 

Tax-specific documents like IRS e-file signature authorization forms can also
be abused to submit fraudulent tax filings, redirect refunds, or alter 
filings before the victim notices. 

Victims can end up in months long disputes with the IRS to prove they were
victims of fraud. Spousal health care coverage agreements can lead to
insurance fraud and extortion. Attackers can use this information to submit
fake insurance claims, impersonate policyholders with insurers, or threaten 
to expose sensitive family or medical-related details - so there is a serious
and measurable danger for those exposed (if the breach occurred). 

Crooks can also use the data to target businesses with social engineering,
business email compromise (BEC), or financial fraud. 

Internal emails can reveal workflows, approval chains, and trust
relationships, which cybercriminals can abuse to great extent. In such
scenarios, businesses would be looking at regulatory penalties, mandatory
breach notifications, lawsuits, loss of client trust, and potential
professional liability claims. In the US, exposure of SSNs and tax data often
triggers state breach laws, IRS scrutiny, and possible FTC action. 

 Via Cybernews 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-are-targeting-taxpayers-as-they
-file-heres-what-to-look-for

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426