There are many types of new identity theft scams these days. One such con was the recent Equifax data breach–resulting in the compromise of data for approximately 146 million consumers—including Social Security numbers. Is it possible that recent fake tax claims that are being reported could be linked to the Equifax data breach?

Social Security Benefits Fraud Victim

One such possible victim is James Shambo, a retired CPA from Colorado. Shambo received a 1099 tax form for over $19K in Social Security benefits that he never received. In fact, James, who is 67 years old, never even filed for benefits, he planned to sign up at age 70.

On September 11th (of all days), Shambo received a letter in the mail from the Social Security office, offering congratulations on his recent benefits claim. The problem was that James never filed, nor did he receive any checks. The money was paid out in a lump sum (having been deposited into a prepaid debit card account) on September 1st.

When Shambo asked why he was never notified in advance, before the check was mailed out, he was told by the agency, “There’s a task force in Washington working on this,” Shambo said.

Who is at Risk?

Shambo made his story public to warn others about ID theft in his blog on the “American Institute of Certified Public Accountants” web site. “Anybody 62 and older who hasn’t started benefits is exposed,” Shambo said.

How Big is The Problem?

In 2017 stolen Social Security numbers exceeded that of credit card numbers, for the first time ever, as the most breached form of identity theft. “About 35% of breach victims reported that their Social Security number was among the data compromised, compared with 30% with stolen credit card information,” says a recent report by Javelin Strategy Research.

No one really knows just how big the problem of Social Security benefits hacking really is, but, the scary thing is that Shambo feels his case was related to the Equifax data breach incident. According to a recent U.S. News article, “The Social Security Administration has downplayed the threat.”’

“Our antifraud activities identify attempts and make this type of activity you are asking about very rare,” wrote Eric Martinez, deputy regional communications director for the Social Security Administration’s regional office in Chicago, in an e-mail to Shambo.

Other Methods of Social Security Number ID Theft

While a big data breach, such as the one that occurred at Equifax, is certainly troublesome, it’s not the only way that identity and cyber thieves illegally get social security numbers. Consumers should be on the lookout for criminals who contact retirees, (over the phone, or online) claiming to be from the Social Security office, to trick consumers into giving out information. A common scenario to be wary of is when callers say that there has been a “computer glitch,” which requires them to verify Social Security numbers.

Unfortunately, the Social Security website doesn’t offer any advice for victims of identity theft, so consumers must handle the issue by calling or showing up to a local Social Security office. Consumers can, however, call 800-772-1213, Monday through Friday from 7 a.m. to 7 p.m., to report fraud, or if an SSA-1099 is received reporting that Social Security benefits will be started (or have already been paid out) for a claim that was never filed.

Victims of fraud may be required to file a Form 4868 for an automatic extension if the matter isn’t resolved in time, says U.S. News. According to Cari Weston, director of tax practice and ethics for the American Institute of CPAs, “The IRS does not want taxpayers to include fraudulently reported income on their returns.”


Although many people are suspicious, and it is entirely possible that recent Social Security number breaches resulted from the Equifax incident, it’s important to note that cyber hacking has been occurring for many years. It’s impossible to know for sure, exactly, how a person’s identity (and other data) may have been stolen.


Tempor, S. (2018, March) USA Today.