Remember when it seemed like every day we were reading about ID theft and tax refund fraud schemes involving rogue employees of tax preparation firms?
Yeah, well it’s still a thing. Here’s a story about a former rogue employee at Jackson Hewitt in McKinney, Texas. If you or someone you know may have used that firm’s branch or a Jackson Hewitt office in north Texas, you should check your credit report and take steps to protect yourself.
And in other unsettling news involving a Texas tax preparer, on August 2 of 2018, thedarkoverlord tweeted that they had hacked a Hurst, Texas firm called CB Tax Service. But they hadn’t hacked that firm at all, as I realized when I started investigating a sample of data the hacker(s) had provided to this site.
This site’s investigation indicated that the firm that they did hack was a firm with a similar name, C & B Tax Preparation. That firm, owned by one Wynora Johnson, had and has an address in Dallas. But a number of attempts to reach Ms. Johnson by phone failed — numbers were disconnected and the one working number was answered by someone who said she knew nothing about Ms. Johnson or that business.
So if you were a customer of C & B Tax Preparation in Dallas, you would be prudent to assume that thedarkoverlord is in possession of any personal and financial information you shared with that tax preparer. And you would be prudent to assume that if thedarkoverlord failed to successfully extort the firm (and for now, I will assume that they failed because they didn’t even have the right victim identified), then your personal and financial data may be up for sale on the dark web at some point. The sample data they had sent me have a number of image files as well as copies of completed tax-related forms and bank information. The image files include images of people’s driver’s licenses with name, address, DOB, and picture, as well as images of their and dependents’ Social Security cards.
DataBreaches.net did alert law enforcement in Dallas about the incident in the hopes that they would be able to notify the business or its owner. This site never received any follow-up, though, as to whether the business or its owner was ever reached — or, even more importantly — whether the business’s customers have been contacted and notified that their information is in the hands of thedarkoverlord. So if you know someone who used that service, you might want to encourage them to take steps to monitor their credit report and take steps to protect themselves.