Criminals steal 100,000 taxpayer records from IRS systems

[Scorpus]

Criminals have infiltrated the United States' Internal Revenue Service (IRS) systems, stealing the tax records of around 100,000 taxpayers through the IRS website's Get Transcript application.

The good news is that attackers didn't steal the information via a direct hack or unpatched hole in the IRS' systems. The bad news is that weak authentication of taxpayer information contributed to the data theft, with the thieves accessing accounts via stolen personal information that was likely acquired through a data marketplace.

The Get Transcript application is a feature of the IRS' website that allows taxpayers to download their tax return and tax payment data. To access this information, a user simply needs to enter an email address and Social Security number, followed by some personal verification information that included the user's date of birth, address and tax filing status.

This type of verification system is vulnerable to fraud as the personal information used for verification never changes. If a criminal can gain access to this information, such as through a breach of another system, they can simply enter it into the IRS system to gain easy access to tax and income information.

Thieves attempted to access around 200,000 accounts through the Get Transcript application, however half of the verification data in the hands of the thieves was incorrect. The IRS will be sending letters to all 200,000 affected citizens, notifying them of the third-party theft of their Social Security numbers and attempted unauthorized access of their accounts.

The IRS will also offer free credit monitoring to all the affected taxpayers to ensure any stolen data isn't being used for fraudulent activity. On top of this, the IRS will mark all affected accounts in their systems as potential targets for identity theft.

While the IRS notes that "this issue does not involve its main computer system that handles tax filing submission", the government agency has temporarily shut down the Get Transcript application to prevent further misuse. The IRS states that they will work "aggressively" to protect affected taxpayers and strengthen their security systems going forward.

Permalink to story.

https://www.techspot.com/news/60802-criminals-steal-100000-taxpayer-records-irs-systems.html

 

[Libertarian]

Those at the IRS who are responsible for taxpayer information security will no doubt be rewarded with promotions for their "great work."

 

[Guest]

You should see John Oliver about IRS
www.youtube.com/watch?v=Nn_Zln_4pA8
When there under funded, and government has to buy them all new equipment, what they have is really really old.

 

[cliffordcooley]

I see Data Miners (IRS included) being just as criminal.

It is bad enough we have places like IRS holding data indefinitely on (according to the post above) old equipment, even if it is out of date. If the government is going to hold personal data on everyone, there should be no excuse as to why they can't keep it secure. Another example as to why they treasure their secrets, more than they treasure the people.

 

[Guest]

There should be a death penalty for the criminals who engaged in illegal hacking activites. That's the only way to make the criminals think twice about committing this stuff.

 

[Tanstar]

There should be a death penalty for the criminals who engaged in illegal hacking activites. That's the only way to make the criminals think twice about committing this stuff.

Right. We rarely give the death penalty to murders and never to rapists and child molesters, but hackers need to be put down! That was sarcastic, for anyone too stupid to catch it.