NEWS
NEWS
NEWS
Unprecedented IRS breach sees hackers make off with 100,000 Americans’ personal info
After a long string of attacks against private companies, it became the Internal Revenue Service’s turn to step into the sights of the black hat community this week after a massive attack that claimed the most sensitive private information of over 100,000 tax-paying citizens. The breach saw the agency’s own fraud prevention system turned against it.
Much like banks and other institutions that deal in financial data, the IRS requires users to identify themselves with an elaborate combination of credentials on its online services to minimize the risk of unauthorized access. Except instead of usernames and passwords, its “Get Transcript” application uses personally identifiable information such as Social Security Numbers, which ended up backfiring.
The hackers responsible for the breach apparently obtained the details of their victims sometime in the run-up to the attack from an unspecified “non-IRS” source, according to the official statement from the agency, which opened the cryptographic gates wide open. From there, all that had to be done was download their victims’ tax transcripts.
That information will most likely be used for phony refund requests, an increasingly common type of fraud that resulted in the theft of an estimated $6 billion dollars from government coffers last year. However, as alarming as that is, the attack could have been much worse. The IRS stated that only half of the roughly 200,000 malicious log-in attempts that its engineers detected have been successful, but that should come as little comfort to the 100,000 people whose personal information was compromised.
To mitigate the chance of that happening, the IRS is offering free credit monitoring to the victims of the breach (and won’t require personal details to verify eligibility, the statement stressed) in addition to other percussions. That diminishes the risk of fraud somewhat, but doesn’t take away from the worrying simplicity with which the hackers managed to gain access to such sensitive information.
With a newly published study from IBM revealing that nearly a third of breaches are the result of system glitches, it’s clear there’s much work to do in order to meet modern security requirements. That’s just as true for enterprises as the IRS.
Photo Credit: subcircle via Compfight cc
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
