As if citizens didn’t have enough to worry about during the tax filing season, yet another data breach has claimed the identities of nearly 9,000 people. TaxSlayer announced a January 13th data breach, discovered during a routine security check, that released the personal identifiable information of many of its customers to an “unauthorized third party.”

IRS Sign

Tax information is highly sought after, so much that even notoriously violent street gangs in the US have given up dealing drugs or robbery in favor of organized identity theft rings that steal tax refunds by filing fraudulent returns. The very image of tattooed, hardened criminals sitting around with their laptops and a ream of stolen identifying information would be laughable if it weren’t such a rampant crime. How large is this crime? Current estimates state that the IRS pays out billions of dollars a year in stolen tax refunds; in 2015 alone that number was $5.8 billion.

In a filed letter about the breach, which occurred between October and December of 2015, the company stated, “The unauthorized third party may have obtained access to any information you included in a tax return or draft tax return saved on TaxSlayer, including your name and address, your Social Security number, the Social Security numbers of your dependents, and other data contained on your 2014 tax return.”

TaxSlayer believes the hackers accessed their customers’ user names and passwords through another online service, but didn’t specify what that meant. They did point out that the TaxSlayer system was not compromised and had no discovered security flaws. In the letter that went out to affected customers, the company offered instructions for resetting the passwords, monitoring their credit reports for any unauthorized activity, and enrolling in free credit monitoring. It would also be wise for the victims to get their tax returns filed as quickly as possible in order to attempt to beat the hackers to it.