The Legal Examiner Affiliate Network The Legal Examiner The Legal Examiner The Legal Examiner search instagram avvo phone envelope checkmark mail-reply spinner error close The Legal Examiner The Legal Examiner The Legal Examiner
Skip to main content

Over the past year, the Nation has seen the effects of Internet espionage and data breach attacks play out in the political arena; however, that does not mean that average citizens are not affected by such cyber-attacks. Earlier today, the Washington Post reported on Thursday’s testimony of Internal Revenue Service Commissioner John Koskinen, which indicated that “the IRS identified suspicious activity in the files of people who were using a ‘data retrieval tool’ as they filled out the Free Application for Federal Student Aid.”

Based upon the Post’s reporting of Commissioner Koskinen’s testimony, it appears that identity thieves were attempting to utilize stolen information from Free Application for Federal Student Aid (FAFSA) forms to file fraudulent tax returns and, in fact, “about 8,000 fraudulent refunds were issued, totaling $30 million” before the IRS recognized and sought to correct the problem.

This is not the first data breach scandal to affect our country. In 2016, Yahoo! customers were victims of two separate data breach attacks. Likewise, in May of 2015 CareFirst customers also fell victim to a data breach attack, for which a class action lawsuit has been filed under various claims including violations of the DC Consumer Protection Act.

Victims of such data breaches are not without recourse. Internet Privacy Policies are generally entered into between consumers of a product and their manufacturers of such products. Such Policies place an affirmative duty upon the manufacturer to safeguard personal identifiable information through secured means, such as data encryption. Additionally, specific to the District of Columbia, the DC Data Breach Notification Statute identifies “personal information” as “An individual’s first name or first initial and last name, or phone number, or address, and any one or more of the following data elements: (ii)  Any other number or code or combination of numbers or codes, such as account number, security code, access code, or password, that allows access to or use of an individual’s financial or credit account.”  D.C. Code § 28-3851(3).

If Commissioner Koskinen’s testimony proves to be accurate and you have been a victim of such a data breach and identity theft, you may have a claim to pursue under your state’s consumer protection act, as well as for a breach of contact.

Comments for this article are closed.