BreachExchange mailing list archives
IRS Data Breach Sets Off Alarms
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 27 May 2015 20:00:20 -0600
http://www.cpapracticeadvisor.com/news/12077796/irs-data-breach-sets-off-alarms

A serious security breach at the IRS has the agency scrambling to beef up its ID theft efforts while the public and lawmakers stew.

The IRS announced on May 26 that hackers had gained access to the personal information of more than 100,000 American households through its “Get Transcript” application. According to IRS Commissioner John Koskinen, who spoke to media at a press conference, the identity crooks were successful in about 104,000 attempts to gain information from February through the middle of May. Another 100,000 hacks failed. There were no other breaches outside the Get Transcript program.

The incident comes on the heels of other cyber breaches in certain states earlier in the year. It points out the dangers facing the taxpaying public and the growing strength of the criminal element the IRS is up against.

“Eighty percent of the identity theft we’re dealing with and refund fraud is related to organized crime here and around the world,” said Koskinen. “These are extremely sophisticated criminals with access to a tremendous amount of data.”

The Get Transcript application enables taxpayers to gain access to returns from previous years. Once they accessed this data, the thieves used it to file fraudulent returns that provided a refund to a debit card. The IRS has temporarily shut down the Get Transcript app while the breach is being investigated.

Hackers have used the data to obtain almost 15,000 refunds for a total of nearly $50 million. But it is believed that this isn’t the end of the story. The IRS admitted that some stolen tax transcripts might have been set aside with an eye towards using them for ID theft next tax filing season.

In order to access the accounts, the crooks had to provide specific information, including a taxpayer’s Social Security number, date of birth, tax filing status and address. In addition, the process requires you to answer some personal questions, such as the name of your high school’s mascot. Koskinen indicated that social media may have aided the thieves in this regard.

“This is not a hack or data breach. These are impostors pretending to be someone who has enough information to get more,” he said. He then suggested that the crooks may be relying on other sophisticated programs to mine and collect this data.

However it is characterized, both the Treasury Inspector General for Tax Administration (TIGTA) and the IRS’ Criminal Investigation unit are investigating the intrusion.

In the meantime, the IRS has announced that it will provide free credit monitoring services to victims and will notify the taxpayers involved in the unsuccessful attempts. It also has emphasized that the thefts didn’t involve its core system. “During this filing season, taxpayers successfully and safely downloaded a total of approximately 23 million transcripts,” the IRS said.

Nevertheless, vocal members of Congress – led by Senator Orrin Hatch (Rep.-Utah), chairman of the Senate Finance Committee (SFC) and House Ways & Means Chairman Paul Ryan (Rep.-Wis.) – are both alarmed and irate. Changes could be coming at the tax collection agency.