Identity theft is big business. Attackers use a variety of tools and techniques to extract tidbits of information that can be used to infiltrate a person\u2019s digital life, or assume their identity. The IRS inadvertently exposed sensitive information that could impact tens of thousands of American taxpayers.\tEvery detail has value\u2014a name, birth date, address, phone number, email address, etc. The ultimate prize in identity theft, though\u2014the master key that unlocks almost every other aspect of an online identity\u2014is the Social Security number. The Internal Revenue Service unwittingly exposed tens of thousands of Social Security numbers on the Internet, putting those affected at extreme risk of identity theft.\tEduard Goodman, Chief Privacy Officer for IDentity Theft 911, explained, \u201cThe information exposed is really the Holy Grail of personal information, as it is the key piece of information needed for new account creation, filing taxes, etc.\u201d\tThe beauty of a Social Security number from a cyber criminal\u2019s perspective is that it doesn\u2019t expire, and you can\u2019t just cancel the account or change your password. It\u2019s possible to request a new SSN, but it\u2019s a complicated process that is reserved only for extreme cases. For most people, the SSN will remain the same for life, so once an attacker has it life can get very messy.\tOne significant risk resulting from a breach such as this is the potential for cyber crooks to file fraudulent tax returns and apply for refunds using the exposed Social Security numbers. The IRS will process the first return that comes through for a given Social Security number, and reject subsequent tax returns using the same SSN. The legitimate owner of the SSN can most likely work everything out eventually, but it will be a hassle, and will delay any expected refund payments.\tGoodman recommends that people who believe their SSN has been exposed or compromised contact the credit bureaus and place a fraud alert on their accounts. A more secure option is to pay for a security file freeze that absolutely prevents any new debts or accounts being associated with that Social Security number.\t\u201cWhile the cost for doing this with all three bureaus is slightly less than $50 total, it is money well spent and locks down a credit file until the consumer decides to unlock it. (A process that could take a couple of days, so plan ahead before you go car shopping, finance furniture or refinance a home for instance),\u201d says Goodman.\tIdentity Theft 911 suggests that anyone who believes their identity has been stolen should file a police report, and contact the three major credit bureaus to notify them. It\u2019s also important to be vigilant about monitoring bank and credit card account statements for suspicious or fraudulent activity.\tBusinesses, CSOs, and IT admins should take note of the mistake the IRS made, and ensure processes and tools are in place to prevent a similar breach. Employees, customers, and suppliers entrust sensitive information with the companies they work with, and the company has an obligation to secure and protect it.