They got hit. HARD. Indications were that crooks were accessing W-2 information and filing fraudulent tax returns between April 17, 2016 and March 29, 2017 -- all but a full year. The records were protected by a four digit pin, which is pretty trivial to get past, and then by knowledge-based questions, which sadly, most people answer truthfully and are thus fairly easy to Google. Where did you attend high school? What was your first car? What is your mother's maiden name? My answers would be Atlantis, Ferrari, and Ozymandius. I then log the answers in an encrypted note program on my iPhone called MSecure, I'm certain there are similar programs for the Android ecosystem. Each site gets different answers as the moment strikes me.