IRS Breach Much Worse than Reported

The IRS breach is worse than we thought. In the wake of the EUGet TranscriptEU Web application hack discovered in May, the government agency is sending letters to about 220,000 more taxpayers whose information may have been accessed. An attempt to steal the information of an additional 170,000 taxpayers was unsuccessful.

The IRS originally reported that criminals used taxpayer-specific data acquired from outside sources to gain unauthorized access to 100,000 tax accounts through its Get Transcript app. This data included Social Security numbers, dates of birth, and street addresses.

The hackers gained enough outside information before trying to access the IRS site, allowing them to clear a multi-step authentication process that included several personal verification questions typically only the taxpayer knows, according to the IRS.

The agency said it believed that some of this information may have been gathered for potentially filing fraudulent tax returns during the upcoming 2016 filing season and urged people who received the letters to take steps to protect themselves.

Will Tax Returns Suffer?

John Gunn, vice president at digital security firm VASCO Data Security, offered a chilling thought. He told us if you are hoping to get your tax refund before the hackers get it, you'd better file early next year.

EUGovernment agencies and other organizations must abandon outdated methods of user identification and security,EU Gunn said. EUCriminal hacking organizations are employing remarkably innovative and sophisticated methods of attack. If we donEUt get serious and employ equally advanced methods of authentication and fraud detection, the hackers will continue to win.EU

Jeff Hill, channel manager at security software firm Stealthbits, agreed. He told us one of the reasons authentication-based attacks are so effective -- and so popular among hackers -- is that theyEUre very difficult to identify.

EUOnce legitimate credentials are obtained, itEUs nearly impossible to distinguish between the good...

Comments are closed.