The vulnerabilities of the Income tax department’s Data security Systems have become a hot topic of discussion once again with the latest news of yet another hacking incident of the Income tax account of a Bollywood celebrity – Kareena Kapoor making headlines.
The Finance Ministry has recently admitted that, some UNAUTHORISED people have accessed the income tax accounts of e-filers. However, the government says, this does not amount to hacking, as there was no breach of data security, it only admits that unscrupulous elements have accessed e-filers income tax accounts by resetting the passwords.
Why do Hackers Access your Income Tax accounts
The recent case of hacking income tax account of a celebrity is not a one off incident or the first of its kind. Previously, in the year 2013, out of curiosity, a Chartered Accountant student from Hyderabad, hacked the account of Industrialist Anil Ambani. Income tax accounts of many other celebrities including Sachin Tendulkar, MS Dhoni were accessed without proper authorization in the past.
In all these cases, the hackers had no expert knowledge of hacking; they were students who accessed the accounts out of curiosity. As in the case of Anil Ambani’s account, the hacker downloaded the copy of e-returns, on other accounts, hackers skimmed through the information of the assesse, and the hacker filed a return of 7 lakhs on Kareena Kapoor’s account.
What Do Hackers Get
Similar hacking incidents were also reported in the United States, and it is believed that the hackers tried to divert income tax refunds into their bank accounts. In India, however, teenagers resorted to hacking out of curiosity without any knowledge of cyber crime laws, punishments, etc. However, such incidents reveal the fragility of Income Tax Department’s computer systems and put at risk the sensitive and personal information of close to 3 crore e-filers in the country.
Such incidents of identity theft may lead to cybercrimes, financial and other, though no such incidents reported in the cases of hacking of income tax accounts so far. Hackers get access to sources of income, yearly income, personal details such as PAN, Bank Account number, Phone number, email id, address, etc.
How to Protect your Income Tax Account against hacking
The government says that in a bid to protect the sensitive information of e-filers, it intends to put in place a robust Multi-functional authentication to restrict un-authorized access of e-filers accounts. The hackers so far had an easy option to reset password by providing simple information to reset password for successful log-in.
The government plans to counter this simple password reset option with Multi-functional authentication, which offers higher security to income tax accounts. With the E-filing Vault option, assesse can add more security to his/her account. The new security measures will add one more step for safe login, to log in you will require a Onetime password, login with net banking or with a digital signature certificate. The government recommends that every assesse create such steps by going to the e-filing vault option in their account to beef up security of their income tax account.
Government also warns assesse that some mobile applications are not approved by Income tax department, as these applications do not follow the data security structures as prescribed by the department, and using such applications to file your returns may pose risk to your income tax account security.
Finally, you need to create a random password that is lengthy and has a mix of upper case, special characters, and numbers. Do not use same password for multiple accounts. Do not share your password with others.
If you notice, any suspicious activity on your account report the matter to the Income tax department, and the police.
The hackers being Ill informed, mischievous teenagers, it is recommended that the chartered accountants take extra care when accessing their client’s account and educate their interns of the consequences of un-authorized accessing income tax accounts. In all the cases of un-authorized access of Income tax accounts so far, the culprits have faced ar
