IRS Says Thieves Stole Tax Info From 100,000

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Isn't this just lovely, the IRS has been hacked. The agency is saying that thieves were able to gain access to information from more than 100,000 taxpayers. :(

Thieves used an online service provided by the IRS to gain access to information from more than 100,000 taxpayers, the agency said Tuesday. The IRS said the thieves accessed a system called "Get Transcript." In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address.
Click to expand...
 
At this point, everyone's SSN, name, DOB is likely already out there. This is just updating the address. :(

Not sure where to go from here...how to create a true "identity" of a person without loss of liberty, but that's ubiquitous enough to actually be useful? Particularly digitally.
 
Kill the f*cking IRS already. Everyone pay 15% and call it a day. How freaking hard is that?
 
And, after I actually RTFA, this "data breach" required that these criminals use full personal information they already had - name, address, DOB, SSN, as well as being able to correctly answer knowledge based questions, and then obtain tax return transcripts.

Interesting, this would seem to be a very targeted attempt to get even more detailed information on potentially high-net worth individuals, otherwise, why bother?
 
TwistedAegis said:
Not sure where to go from here..
Click to expand...

Actually prosecuting identity theft would go a long way into helping the problem(s). Both my wife and myself have had our credit/debit cards compromised and every time the companies wrote them off. Absolutely nothing was done other than "sorry for your inconvenience here's your money back." They do not care. Someone somewhere is raking in the insurance money.

A rant post of mine from the Blue Cross post a few months back:

eth3ton said:
Enough is enough! Fucking lawmakers need to get off their asses and do something. These companies just shrug their shoulders and move on with day to day business as usual, leaving a wake of bullshit along the way. Protect our goddamn data or don't store it!
Click to expand...
 
I'm a tax examiner at the IRS. I'd say that most of our systems are too old for most young hackers to even figure out lol. Though it'd cost me my job, I'm all for getting rid of the IRS and having a national sales tax instead. Even drug dealers and illegals have to buy stuff.
 
Doesn't sound like the IRS was hacked

Soundsike the thieves used information from previous hacks (Social Security number, address, etc) to access an IRS system the way it was designed to be accessed.

What do you do when the thieves know your SSN, mothers maiden name, address, phone number, etc, etc. For all any computer system knows, they are the real you.

We need some more reliable method of uniquely authenticating online. (But only when we want and need to)
 
eth3ton said:
Actually prosecuting identity theft would go a long way into helping the problem(s). Both my wife and myself have had our credit/debit cards compromised and every time the companies wrote them off. Absolutely nothing was done other than "sorry for your inconvenience here's your money back." They do not care. Someone somewhere is raking in the insurance money.

A rant post of mine from the Blue Cross post a few months back:
Click to expand...

What do you want the financial institution to do? Coddle your balls after the breach? The FI's eat nearly 100% of all the data breach losses while the merchants continue to get off unscathed. Direct your anger where it should be - the merchant that allowed your personal data to be stolen, not the FI that sucks it up and takes a loss every time one of these store breaches happen. Again, I'm not sure what you want from the FI's... the PCI regs don't give us much information other than where you transact business and for how much.
 
eth3ton said:
Absolutely nothing was done other than "sorry for your inconvenience here's your money back." They do not care.
Click to expand...

I'm not sure exactly where you're getting they do not care when this is costing companies billions each year. I know my mega bank employers cares a lot but finding these people and getting law enforcement to prosecute these crimes is far easy much of the time.

Of course a lot more can be done and I think in the coming years we're going to see much more security implemented on the front end with things like more two factor authentication, location tracking and the such. But in order for these things to work they have to be seamless and transparent and cost effective to deploy widely.
 
haste. said:
What do you want the financial institution to do? Coddle your balls after the breach? The FI's eat nearly 100% of all the data breach losses while the merchants continue to get off unscathed. Direct your anger where it should be - the merchant that allowed your personal data to be stolen, not the FI that sucks it up and takes a loss every time one of these store breaches happen. Again, I'm not sure what you want from the FI's... the PCI regs don't give us much information other than where you transact business and for how much.
Click to expand...

The problem here is that those same "FI's" find ways (higher fees, lower savings return rates, higher interest on loans, etc.) to get their money back. They don't "eat" anything over the long run. They just get it back in smaller pieces from EVERYONE, rather than doing anything about it.
 
Watjalukinat said:
I'm a tax examiner at the IRS. I'd say that most of our systems are too old for most young hackers to even figure out lol. Though it'd cost me my job, I'm all for getting rid of the IRS and having a national sales tax instead. Even drug dealers and illegals have to buy stuff.
Click to expand...

That's a really good idea, actually. No loopholes to find that way either. That'd end lobbying pretty quick.
 
How did they find an intact hard drive at the IRS anyway?
I take it that info was NOT on the email servers...;)
 
eth3ton said:
Actually prosecuting identity theft would go a long way into helping the problem(s). Both my wife and myself have had our credit/debit cards compromised and every time the companies wrote them off. Absolutely nothing was done other than "sorry for your inconvenience here's your money back." They do not care. Someone somewhere is raking in the insurance money.

A rant post of mine from the Blue Cross post a few months back:
Click to expand...

Sorry for the thread necro, but how do you propose the United States prosecute individuals in unfriendly countries, who so long as they don't commit crime against their host country, they leave them alone? Primarily Russia/Eastern Europe.

Further, there is a ton of crime in a world of scarce resources. At what point do you expend the resources to determine if this individual debit card theft was the work of a single person stealing a single card, or part of a broader trend? This crosses jurisdictions, sources of the breach differ, etc.

It's massively complex - without a more secure way of identifying people and transmitting payment information (changing the reward for going after this info), it isn't going to change.
 
You must log in or register to reply here.
Back
Top