- Russia-linked Lynx gang claims ransomware attack on CSA Tax & Advisory and leaks taxpayer data
- Exposed records include SSNs, tax returns, health coverage agreements and internal company correspondence
- Breach risks full identity theft, IRS fraud, insurance fraud and serious business/legal consequences
CSA Tax & Advisory, a local accounting and tax firm in Haverhill, Massachusetts, reportedly suffered a ransomware attack at the hands of a Russia-linked ransomware gang. The group, calling itself Lynx, recently added CSA to its data leak site and said it also stole sensitive data belonging to US taxpayers.
CSA has yet to confirm or deny the breach, so it remains to be seen whether Lynx’s claims are legitimate.
Still, the group shared a data sample on its website, and Cybernews researchers claim it contains people’s full names, Social Security numbers (SSN), mailing addresses, spousal health care coverage agreements, invoices, individual tax return data, IRS e-file signature forms and internal company correspondence.
How the data could be misused
If confirmed, the breach would be quite serious, as it would amount to a full identity and financial compromise, putting victims at risk of identity theft and fraud.
At the individual level, SSNs combined with mailing addresses and tax return data can result in complete identity theft. Criminals can open credit cards, take out loans, file fraudulent tax returns to claim refunds and pass identity checks at banks, lenders and government services. Because SSNs do not expire, the damage can continue for years.
Tax-specific documents like IRS e-file signature authorization forms can also be misused to submit fraudulent tax returns, redirect refunds, or alter filings before the victim notices.
Victims can end up in months-long battles with the IRS to prove they were victims of fraud. Spousal health insurance agreements can lead to insurance fraud and extortion. Attackers can use this information to submit false insurance claims, impersonate policyholders to insurance companies, or threaten to reveal sensitive family or medical-related details. If the breach occurred, those exposed face a serious and measurable risk.
Crooks can also use the data to target companies with social engineering, business email compromise (BEC) or financial fraud.
Internal emails can reveal workflows, approval chains and trust relationships that cybercriminals can exploit extensively. In such scenarios, companies would be looking at regulatory penalties, mandatory breach notifications, lawsuits, loss of client trust and potential professional liability claims. In the United States, exposure of SSNs and tax data often triggers state breach laws, IRS audits, and possible FTC action.
Via Cybernews