IRS Data Breach Suspected to be Worse than Originally Thought, Affecting Over 300,000 Taxpayers
Cybercrooks have commonly been known for attacking large companies and even government outfits, including a recent attack earlier this year on the IRS to collect U.S. taxpayer data. As it turns out, the IRS's data breach was much worse than they originally thought where it may affect upwards of 300,000 U.S. tax payers relinquishing their personal data.
In a cybercrook attack on the IRS earlier this year, it was suspected that just over 100,000 taxpayer records were stolen in a data heist. After some reevaluation, the IRS has come back and claimed that the hackers were able to gain access to over 300,000 taxpayer accounts after attempting to breach over 600,000 accounts initially.
The IRS' announcement of their data breach being worse than originally thought comes about this week as they continue to believe that the thieves were able to steal data through their "Get Transcript" online application. The process in which the thieves took to initially gain access was believed to start with the theft of Social Security details, birth dates and street addresses. Most of this data was pertinent to start the process for the "Get Transcript" requests through a multistep authentication process in the app on the IRS website.
Fortunately, the Get Transcript app was shut down in May and the notification of nearly 220,000 newly-affected taxpayers are in the process of being notified of their personal information being at risk. The IRS is not taking any chances even though the efforts of the cybercrooks is said to have failed to access additional records and collect the onslaught of data that they initially set out to gather.
For the 300,000 or so potential victims of the data breach, the IRS is offering free credit protection and "Identity Protection PINs." While the Get Transcript app remains unavailable, the IRS is steadily at work strengthening the security for the app and program by enhancing taxpayer-identity authentication protocols. Such protocols can be compared to methods that online banking institutions use to verify the identity of their consumers. Though, with the IRS the back-end data becomes a wide open can of worms considering how much data the IRS has on taxpayers around the country – much more than the average bank in most situations.
Currently, the IRS data breach from earlier this year remains under review by the Treasury Inspector General for Tax Administration as well as the IRS' own Criminal Investigation Unit. The perpetrators for the data breach have yet to be caught and the government will continually be on the lookout for them and closely monitor other related cybercriminal activity to potentially lead them to the sources.