Hackers accessed the servers at the Internal Revenue Service to
steal data from as many 100,000 taxpayers, the agency disclosed today.
The thieves accessed the data
through an online service provided by the IRS and took financial data related
to users’ actual tax returns.
An online service called “Get Transcript” provided the front door through which
the thieves entered, according to the Associated Press. Get Transcript provides
a list of a taxpayers’ various interactions with the agency over time.
The thieves had
to have some knowledge of the taxpayer in order to steal his or her data; a
security gateway required the entry of a Social Security number, date of birth,
tax filing status, and a street address.
By providing one of a few
pieces of secure information at the front door, the hackers gained access to a
large set of financial data that can be used in all manner of identity
theft-related crimes. It’s not yet known what specific data points the hackers
used to pass the security screen.
The IRS said in a statement that
its main server system that processes tax returns was not breached.
“In all, about 200,000 attempts
were made from questionable email domains, with more than 100,000 of those
attempts successfully clearing authentication hurdles,” the IRS said.
“During this filing season, taxpayers successfully and safely downloaded a
total of approximately 23 million transcripts.”
This is the latest in a string of
large data thefts in the past year. Others include Anthem Health, Home Depot, and Community Health Systems.
But the IRS is the first major hack of a data center run by the federal
government. It’s also troubling because of the richness of the set of private
financial data contained in the servers.
Source: venturebeat.com
No comments:
Post a Comment