How to determine if you have been affected by the data breach
If you believe you may be affected, contact the IRS to find out if a fraudulent return has been filed in your name and with your social security number. If you find that you are a victim of a fraudulent return, consult the IRS Taxpayer Guide to Identity Theft and follow their instructions and procedures. The guide describes what typically happens in identity theft cases like these:
Usually, an identity thief uses a legitimate taxpayer’s identity to fraudulently file a tax return and claim a refund. Generally, the identity thief will use a stolen SSN to file a forged tax return and attempt to get a fraudulent refund early in the filing season. You may be unaware that this has happened until you file your return later in the filing season and discover that two returns have been filed using the same SSN.
Steps to take with the IRS
The IRS will ask you to complete and submit Form 14039 – Identity Theft Affidavit. You can also contact the IRS Identity Protection line at 1 (800) 908-4490. You will need to file your tax return in paper form along with the Identity Theft Affidavit. It will take additional time, but you should be able to eventually have your return processed so you can obtain your income tax refund (if applicable).
Other steps to take
In addition to the steps to take with the IRS, you should do the following to best secure your personal data:
Contact UPMC to notify them that you have been affected
Access your credit report and consider enrolling in a credit monitoring service
General identity security recommendations
The IRS suggests the following points to minimize the chance of becoming a victim of identity theft:
Don’t carry your Social Security card or any documents with your SSN on it.
Don’t give a business your SSN just because they ask. Give it only when required.
Protect your financial information.
Check your credit report every 12 months.
Secure personal information in your home.
Protect your personal computers by using firewalls, anti-spam/virus software, update security patches, and change passwords for Internet accounts.
Don’t give personal information over the phone, through the mail or on the Internet unless you have initiated the contact or you are sure you know who you are dealing with.