The Liberty Tax Service breach, first reported in the media based on a sheriff’s report, has now been reported to the California Attorney General’s Office.
In its notification to those affected, Sam Filo, CEO of YBF Tax Inc., writes:
We are contacting you to inform you that on February 1, 2015, a burglary occurred at our Liberty Tax Service office at 27214 Baseline Street, Highland CA, during which some files and electronic records were taken.
We take aggressive steps to protect your personal information, including an active alarm monitoring system, security cameras, and ensuring all records are securely locked. However, despite our efforts the burglars removed some files and computer towers from the premises. The information contained in the towers was password protected.
We believe that some of your personal information, including your name, address, date of birth, identification number, social security number, income documents and (if applicable) names of your dependents, their dates of birth, and their social security numbers, may have been on those computer towers. Based on what we know now, there is no evidence that credit card information was compromised.
“May have been” on those towers? Is there no backup that could definitively determine whether the information was on the towers or not?
The notification does not indicate how many clients may have had their information stolen, but to help mitigate any harm, the firm is offering one year of credit monitoring and says that they will will work with clients to file paperwork with the IRS, State and all credit reporting agencies to help safeguard the clients’ personal information.
Often when offices are burglarized, the entities may claim that it was probably for hardware. But in this case, a tax service whose office is in a strip mall (see Google Street View) was burglarized in daylight (on Sunday), despite cameras and burglar alarms, and the thieves stole files as well as hardware. That suggests that they may well have been going for the information, and clients of the tax service should promptly take steps to protect themselves.