UPDATED 08:30 EST / MAY 28 2015

Unprecedented IRS breach sees hackers make off with 100,000 Americans’ personal info

After a long string of attacks against private companies, the Internal Revenue Service landed in the sights of the black hat community this week, with a massive attack that claimed the most sensitive private information of over 100,000 tax-paying citizens. The breach saw the agency’s own fraud prevention system turned against it.

Much like banks and other institutions that deal in financial data, the IRS requires users to identify themselves with an elaborate combination of credentials on its online services to minimize the risk of unauthorized access. Except instead of usernames and passwords, its “Get Transcript” application uses personally identifiable information such as Social Security Numbers, which ended up backfiring.

According to the official statement from the agency, the hackers responsible for the breach apparently obtained the details of their victims sometime in the run-up to the attack from an unspecified “non-IRS” source, and that information threw the cryptographic gates wide open. From there, all that had to be done was to download their victims’ tax transcripts.

That information will most likely be used for phony refund requests, an increasingly common type of fraud that resulted in the theft of an estimated $6 billion from government coffers last year. However, as alarming as that is, the attack could have been much worse. The IRS stated that only half of the roughly 200,000 malicious log-in attempts that its engineers detected were successful, but that should come as little comfort to the 100,000 people whose personal information was compromised.

To mitigate the chance of that happening, the IRS is offering free credit monitoring to the victims of the breach (and won’t require personal details to verify eligibility, the statement stressed) in addition to other precautions. That diminishes the risk of fraud somewhat, but doesn’t take away from the worrying simplicity with which the hackers managed to gain access to such sensitive information.

With a newly published study from IBM revealing that nearly a third of breaches are the result of system glitches, it’s clear there’s much work to do in order to meet modern security requirements. That’s just as true for enterprises as it is for the IRS.
