An H&R Block spokesperson just let the world know that users of its TaxCut software had client SSNs exposed in the software’s mailing. Tax software companies send out the latest versions of their goods to all clients on their lists, in hopes they will install it and buy a license. H&R Block used tracking numbers on the package that contained the customers’ SSNs, but the spokesperson said not to worry – the number would be impossible to spot. Yea right.
Grab a few packages, run through the series until you find some valid strings for the first 3 digits of the SSN (which usually identify where someone was born), and you are off to the races. It is a little far fetched, but then again, so is digging around in someone’s garbage (it happens).
I love tax software, but I never use their services to file my returns, for this very reason – I don’t want the software maker to connect my use of their product with my tax ID. I also love spokespeople, because they never seem to know what they are talking about.