News
Identity thieves obtain 100,000 electronic filing PINs from IRS systems - expert comment
February 2016 by
The IRS has released some details on a data breach that involves personal data of taxpayers who use the IRS’s e-file website. The personal information was first obtained from another, unidentified source(s) – not the IRS – and was then used to log into the IRS website to obtain personal ID numbers used to file tax returns.
Ars Technica reported:
The US Internal Revenue Service was the target of a malware attack that netted electronic tax-return credentials for 101,000 social security numbers, the agency disclosed Tuesday. Identity thieves made the haul by using taxpayers’ personal data that was stolen from a source outside the IRS, according to a statement. The attackers then used an automated bot against an application on the IRS website that provides personal identification numbers for the electronic filing of tax returns. In all, the hackers made unauthorized queries against 464,000 social security numbers but succeeded against only 101,000 of them. No personal information was obtained from the IRS systems. Agency officials are flagging the accounts of all affected taxpayers and plan to notify them by mail of the incident. The IRS is also working with other government agencies and industry partners to investigate the hack or stem its effects. The hack occurred last month
The full story: http://arstechnica.com/tech-policy/2016/02/irs-website-attack-nets-e-filing-credentials-for-101000-taxpayers/
