In the immortal words of Benjamin Franklin there are only two things certain in life: death and taxes. The adage rings true over 200 years after one of our founding fathers coined it. This year, millions across the U.S. will—begrudgingly—file their tax returns April 18.

However, there may be a third item that needs to be added to Franklin’s certainties: data breaches. In October 2016, the Treasury Inspector General for Tax Administration reported that the increase of tax payer information online will undoubtedly lead to an increased threat of data breaches and identity theft. The report said that the benefits of allowing taxpayers to file their sensitive information online must be weighed against the growing risk for data theft and tax fraud.

To help drive home the point, the Internal Revenue Service each year puts out a “Dirty Dozen” list of the worst tax scams to avoid. Identify theft remains a “top scam,”  according to the IRS. However, the IRS is fighting back against this fraud by working with state tax authorities and professional stakeholders “to seek new and expanded ways to reduce identity theft,” the IRS said. As part of the IRS’ tips to taxpayers, it says that people should use the most up-to-date security software, avoid phishing emails and protect personal data including Social Security numbers.

Mark Testoni, president at SAP National Security Services Inc. (SAP NS2), told Bloomberg BNA that the largest data security concern may not rest with the IRS but rather with the growing trend of sensitive personal information present online without knowing the necessary risks.