Tax (fraud) season is here. Rogue insiders, data breaches, and a comment on biometrics. Summary Yandex investigates insider's theft and sale of user data. Data breach reported at Syracuse University. Brazilian authorities investigate apparent telco data breach. Data breach at Canadian car rental company. Notes on US Customs and Border Protection's facial recognition trials. Nothing is certain except death, taxes, and data theft. As April approaches, Americans find themselves drowning in the annual slog of tax season. Further complicating matters, the US Internal Revenue Service has issued a warning that identity thieves are taking advantage of the rush to file tax returns by attempting to steal tax preparers’ Electronic Filing Identification Numbers (EFINs), reports Bleeping Computer. A phishing campaign using emails with the subject line "Verifying your EFIN before e-filing" is attempting to convince tax officials to email cybercriminals documents containing their tax credentials. If the attackers succeed, they can then use the EFINs to impersonate tax professionals and file for fraudulent tax refunds. The announcement, which also warns against ransomware attacks, continues, “Some thieves also pose as potential clients, an especially effective scam currently because there are so many remote transactions during the pandemic.”