IRS Targeted in Another Cyberattack
IRS recently admitted it yet again had been the target of a sophisticated cyberattack. In an attempt to steal the E-filing pins of over 460,000 social security numbers acquired in another attack to use to steal money through fraudulent tax claims. IRS reported that the attack was discovered while it was underway and that the hackers had managed to steal over 100,000 of the E-pins before they managed to stop it.
The IRS made a statement regarding the cyberattack its website “No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application”
Per TechWorldNews, “IRS cybersecurity experts are assessing the incident, and the service is working closely with other agencies and the Treasury Inspector General for Tax Administration. It also is sharing information with its Security Summit state and industry partners. The attack was not related to a temporary outage of IRS processing systems that occurred in January, the IRS said. The announcement comes less than a week after the IRS website experienced brief system outages due to a hardware failure. The outages affected electronic return processing, as well as several other systems provided by the service.”
This brazen cyberattack which by all reason was a successful attack, regardless of IRS spin, shows that any corporation or government entity is not immune to cyber-attack if it controls information that is more valuable than the effort required to acquire it. The silver lining in this situation is that the IRS cybersecurity team was able to stop the attack while it was in-progress.
This cyberattack is just another in a series of attacks that have sent the IRS reeling recently including an attack on the IRS’ “Get Transcripts” automated system and an automated attack against users’ online tax submission accounts. The E-pin filing authentication system is arcaic according to many cybersecurity experts and per Politico stated that “The tax world isn’t happy about it either. The “Get My Electronic Filing PlN” page gives online filers IRS provider numbers, but its reliance on basic information like birthdates and Social Security numbers for authentication leaves it vulnerable to “any data thief worth his salt,” as Joseph Henchman, a vice president at the Tax Foundation, put it in a bracing letter to IRS Commissioner John Koskinen.” A change is required to protect data and only requiring an SSN and a birthdate to confirm identity isn’t enough anymore.
Here are some of our blog posts to read in the meantime:
Potential Amazon Password Leak
Top 5 Cybersecurity Threats in 2015
Top 5 Cybersecurity Myths that May Surprise You
Microsoft State of Security Address Experian (includes T-Mobile)
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison (follow up)
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.