TransUnion Identifies Increased Risk for Tax Fraud Linked to 970 Data Breaches in 2024

Rhea-AI Summary

TransUnion (NYSE: TRU) warns of heightened tax fraud risks in 2025 following analysis of 2024 data breaches. The study revealed 970 data breaches exposing 640 million consumer records containing critical personal information needed for tax fraud.

Key findings show that 71% of data breaches in the first half of 2024 exposed full Social Security numbers, up from 57% in 2023. This exposed data enables fraudsters to file false tax returns or intercept legitimate returns through bank account access.

To combat this threat, TransUnion recommends government agencies implement call authentication and identity verification tools, particularly as 62% of consumers won't answer calls from unknown numbers. Banks are advised to verify payee-account matches and monitor for fraudulent account creation. Consumers are encouraged to regularly monitor bank activities and credit history, especially during tax refund periods.

Positive

• Company positioning as leader in fraud prevention solutions
• Development of comprehensive fraud prevention tools (TruValidate and TruContact)
• Strategic focus on government and financial sector security solutions

Negative

• 970 data breaches identified in 2024 expose significant security vulnerabilities
• 640 million consumer records compromised, increasing fraud risk
• 71% of breaches exposed full Social Security numbers, up from 57% in 2023

Exposed personal data creates risks to government agencies, banks and consumers

CHICAGO, March 05, 2025 (GLOBE NEWSWIRE) -- Tax refund theft is an annual concern and 2025 brings an elevated risk, according to a TransUnion (NYSE: TRU) analysis. Researchers found that in 2024 there were 970 data breaches in which fraudsters obtained the kinds of personally identifiable information (PII) required for various forms of tax fraud.

In total, 640 million consumer records were exposed in 2024, containing critical pieces of information like Social Security numbers, address histories, and full names. A recent TransUnion report found full Social Security numbers were exposed in 71% of data breaches in the first half of 2024 alone—up from 57% in all of 2023. The exposed information can help fraudsters file false tax returns in a victim’s name, or access someone’s bank account to intercept their tax return.

“What we found is that the volume and severity of recent data breaches have created tremendous vulnerability,” said Greg Schlichter, director of research and consulting for TransUnion’s public sector business. “Government agencies, like the IRS, as well as financial institutions and consumers need to be alert to this threat.”

How government agencies can defeat fraudsters
Many fraudsters will target call centers to either test the veracity of PII acquired from criminal marketplaces, or to directly impersonate a victim. Call center leaders must look out for suspicious calls—such as those that show signs of spoofing, or those placed through a Voice-over-IP service—even for routine requests like address changes or tax return tracking.

In addition, fraudsters will access online government portals with stolen PII to validate stolen identity information, file false returns or intercept return status updates. Agencies should employ identity verification and document authentication technologies to flag impersonators who may also use AI to generate photo-realistic credentials.

“There are a number of fraud prevention tools that agencies can leverage,” said Naureen Ali, U.S. Head of Fraud at TransUnion. “Using call authentication and identity resolution capabilities will make it easier to thwart fraud attempts that use stolen and synthetic identities.”

The researchers note branded calling tools are likely needed for agencies looking to proactively notify taxpayers whose returns are at risk, given the volume of government impersonation fraud. A recent TransUnion survey found that 62% of consumers won’t answer a call from a number or caller ID name they don’t recognize, even if they’re expecting a call from a government agency.

The role for banks and consumers
While the government should look out for fraudsters attempting to falsely file and claim tax returns, banks and other financial institutions should check to confirm that the payee matches the account owner on record. This can help ensure that incoming funds are intended for that customer.

Even prior to this point, however, banks should already be scrutinizing their deposit account openings to check for potentially fraudulent account creations that are used for criminal activities like drop accounts and mule accounts. Similarly, financial institutions should remain diligent to try to protect their existing deposit accounts from account takeovers.

Consumers can also protect themselves by monitoring their bank account activity and credit history. When they know their tax refund is due, they can check regularly to ensure it remains in their account. They can also use credit monitoring services to know if fraudsters have created new accounts in their name.

Learn more about TransUnion’s TruValidate™ Identity Verification Solutions and TruContact™ Trusted Call Solutions.

Read more about the implications of data breaches on tax fraud here.

About TransUnion (NYSE: TRU)
TransUnion is a global information and insights company with over 13,000 associates operating in more than 30 countries. We make trust possible by ensuring each person is reliably represented in the marketplace. We do this with a Tru™ picture of each person: an actionable view of consumers, stewarded with care. Through our acquisitions and technology investments we have developed innovative solutions that extend beyond our strong foundation in core credit into areas such as marketing, fraud, risk and advanced analytics. As a result, consumers and businesses can transact with confidence and achieve great things. We call this Information for Good^® — and it leads to economic opportunity, great experiences and personal empowerment for millions of people around the world. http://www.transunion.com/business

Contact	Dave Blumberg TransUnion
E-mail	david.blumberg@transunion.com
Telephone	312-972-6646

FAQ

How many data breaches did TransUnion identify in 2024 that could lead to tax fraud?

TransUnion identified 970 data breaches in 2024 that exposed personal information capable of enabling tax fraud.

What percentage of data breaches exposed Social Security numbers in early 2024 according to TRU?

71% of data breaches in the first half of 2024 exposed full Social Security numbers, an increase from 57% in 2023.

How many consumer records were compromised in the 2024 data breaches identified by TRU?

640 million consumer records were exposed in the data breaches during 2024.

What solutions does TransUnion recommend for government agencies to prevent tax fraud?

TransUnion recommends call authentication, identity verification, document authentication technologies, and branded calling tools to prevent tax fraud.

What percentage of consumers won't answer unknown calls according to TransUnion's survey?

62% of consumers won't answer calls from unrecognized numbers or caller IDs, even when expecting government agency calls.