As if there weren’t already enough reasons to resent the IRS, the agency that houses more of your personal information than most has announced that a data breach has compromised the sensitive data of around 100,000 taxpayers. The Internal Revenue Service is the latest organization to fall victim to a cyberattack, and somehow, experienced hackers managed to make away with a considerable amount of information that could be used to steal identities and claim fraudulent tax refunds.
On Wednesday, CNN reported that it is now believed that Russian hackers were behind the attacks, which were carried out from February to around mid-May. In order to access the accounts of the affected individuals, the hackers needed to have the name, Social Security number, date of birth, filing status (single, married, etc.) and street address of the victim, and then had to answer a security question, the kind that is often branded as one “that only you can answer.”
But as was reported last week, many of these questions are not so difficult to answer at all, and of the 200,000 accounts that hackers attempted to gain access to, they managed a 50 percent success rate, ultimately breaking into 100,000 user accounts. As Elizabeth Weise of USA Today points out, the relative ease with which hackers managed to steal personal information is indicative of a more insidious problem with data — once you have a little, it’s easy to get a lot.
In fact, much of the most sensitive information, like social security numbers, birthdays, and addresses, were obtained before the hackers ever made it to the IRS by way of third parties. And ultimately, the IRS admits, it is possible that the cybercriminals ultimately left with their victims’ full tax returns, including line-by-line descriptions of their wage, income, tax liabilities, and more.
The IRS will be sending letters to all affected parties, and for those whose information was compromised, will also be paying for credit monitoring. The Department of Homeland Security is also investigating the attack, so at the very least, taxpayers can be assured that no one is taking this matter lightly.
- If you’re a Best Buy customer, you may want to check your accounts
- Here’s how to check if Facebook shared your data with Cambridge Analytica
- What Is the GDPR? The EU’s Online Privacy Law: Explained
- IRS forces Coinbase to cough up tax data of 13,000 digital coin traders
- Hackers could have credit card numbers of 880,000 Orbitz users