As many headlines will read that the Internal Revenue Service has been hacked, let me put your mind at ease (somewhat) they have not. The Internal Revenue Service, IRS, the evil empire, whatever name you choose to describe this branch of government has been the victim of faulty security and weak authentication that they use to protect millions of people’s personal information. Is anyone truly surprised by this?
The IRS announced on Tuesday that they had shut down their Get Transcript application after noticing “unusual activity had taken place on the application, which indicates that unauthorized third parties had access to some accounts on the transcript application.” An initial review of that activity revealed “access was gained to more than 100,000 accounts through the Get Transcript application,” according to the IRS statement.
The major issue with their security is that they continue to use knowledge-based authentication system which is still highly vulnerable to fraud, especially when someone has bits and pieces of your personal information. The IRS is investigating activity for people filing fraudulent tax returns and transfers of tax refunds.
The IRS is stating that attempts on over 200,000 accounts were made but only half of those were successful. The service was designed to allow taxpayers to gain access to “tax account transactions, line-by-line tax return information, or wage and income reported to us for a specific tax year.”
While it seems that about 100,000 taxpayers have had their data accessed, the IRS will be “sending a letter to all of the approximately 200,000 taxpayers whose accounts had attempted unauthorized accesses, notifying them that third parties appear to have had access to taxpayer Social Security numbers and additional personal financial information from a non-IRS source before attempting to access the IRS transcript application,” the agency said in its statement.
It will be interesting to see how government agencies will use this breach (if they even do at all) to update their security. After hacks and data breaches in department stores, cloud storage and many healthcare facilities, you would expect the Unites States government to take more precautious in the protection of our personal information. I almost said that last line with a straight face.