Social Security numbers are the basis and entry point for hackers when it comes to the cyber intrusion into the IRS. Given the completely outdated software platform the IRS uses, there are warnings that there could be more intrusions.
IRS Hack Far Worse Than First Thought
SAN FRANCISCO — A hack of the Internal Revenue Service first reported in May was nearly three times as large as previously stated, the agency said Monday.
Thieves have accessed as many as 334,000 taxpayer accounts, the IRS said.
In May, the IRS reported that identity thieves were able to use the agency’s Get Transcript program to get personal information about as many as 114,000 taxpayers.
On Monday, the IRS said an additional 220,000 accounts had also been hacked. In all, 334,000 accounts were accessed, though whether information was stolen from every one of them is not known.
The hackers made use of an IRS application called Get Transcript, which allows users to view their tax account transactions, line-by-line tax return information or wage and income reported to the IRS for a specific tax year.
To enter the Get Transcript system, the user must correctly answer multiple identity verification questions.
The hackers took information about taxpayers acquired from other sources and used it to correctly answer the questions, allowing them to gain access to a plethora of data about individual taxpayers.
The Get Transcript service was shut down in May.
Hackers love authentication-based systems because it’s very difficult to distinguish between “the good guys and the bad guys” when someone is trying to get in, said Jeff Hill of STEALTHbits Technologies, a cyber security company.
“Here we have a case where a successful authentication-based attack was discovered in May, and yet the IRS is still unclear of the extent of the breach’s damage months later. Even now, how confident is the IRS they fully understand the extent of the attack completely, or should we expect yet another shoe to drop in the coming weeks?” Hill said.
Notification of the increased number of hacked accounts came Monday.
In a statement the agency said, “as part of the IRS’s continued efforts to protect taxpayer data, the IRS conducted a deeper analysis over a wider time period covering the 2015 filing season, analyzing more than 23 million uses of the Get Transcript system.”
That analysis revealed an additional 220,000 accounts had also potentially been accessed.
In addition to accounts the hackers were successfully able to access, the IRS disclosed hack attempts that didn’t succeed. There were 111,000 attempts on accounts disclosed in May and 170,000 disclosed on Monday, for a total of 281,000 accounts where the hackers “failed to clear the authentication processes,” the agency said.
Taxpayers whose information was potentially breached will get letters in the mail from the IRS in the coming days.
They will also get access to free credit protection and Identity Protection PINs, the IRS said in a statement.
1/2 TRILLION spent on IT upgrades, but IRS, Feds still use DOS, old Windows
Examiner: President Obama’s team has spent more than a half trillion dollars on information technology but some departments, notably the IRS, still run on DOS and old Windows, which isn’t serviced anymore, according to a House chairman.
“Since President Obama has taken office, the federal government has spent in excess of $525 billion dollars on IT. And it doesn’t work,” said Rep. Jason Chaffetz, chairman of the House Oversight and Government Reform Committee.
In an address to the centrist Ripon Society, Chaffetz suggested that the slow change of the federal government’s IT led to the recent and historic hack of personal data of millions of current and former federal workers, including CIA and other clandestine employees.
“The IRS still uses the DOS operating system. You have a Patent office that just got Windows 97. They don’t even service Windows 97 anymore. And yet they just got it. So the procurement process is really, really broken in this regard,” he added.
Chaffetz also offered praise for Obama’s pick to head the Office of Personnel Management, home to the massive computer hack.