Hackers were recently able to break into the IRS and steal taxpayer identification numbers. The agency was able to detect the attack and shut it down on Tuesday. The breach means that it may be possible for the hackers to file fraudulent tax returns. The attack was done by attempting to obtain e-filing pins from over 450,000 stolen social security numbers. Attempts involving about 100,000 of those social security numbers were successful, the IRS said in a statement.
The IRS stated that the attacks did not originate in their system. It appears as though the social security numbers were stolen outside the IRS, and then used in the attack. They added that “no personal taxpayer data was compromised or disclosed” by its systems. The IRS said it will notify people affected by the attack and will mark their accounts to guard against identity theft.
All of this is part of why President Barack Obama proposed, on Tuesday, to spend $19 billion on more secure technology for the government. If approved, the funds would help in efforts like recruiting cybersecurity experts, reducing reliance on unsafe items like social security numbers. “The caliber of the enemy we’re facing is incredibly sophisticated and global,” IRS Commissioner John Koskinen told the Senate Finance Committee at a hearing Wednesday, in response to a question about the most recent hack. The attackers are professionals that steal sensitive data from their targets, government and financial institutions throughout the world.
Attacks like these have become more prevalent as more tax filing and banking is done online. In the US 150 million tax returns are expected to be filed this season, with 80 percent of them expected to be filed online.
Despite storing a massive trove of data on American citizens, the federal government has struggled to protect it from hackers. That includes the IRS, which hackers attacked last year to steal tax records of perhaps 300,000 people. The agency has even struggled with fraudsters in its ranks; on Monday it successfully prosecuted an employee for identity theft and conspiracy to commit bank fraud.
Article via CNET, 10 February 2016