IRS Data Breach Three Times Bigger than First Reported


The U.S. Internal Revenue Service (IRS) has reported that the hack into its computer databases was much more extensive than first thought. The IRS said tax return information of about 114,000 U.S. taxpayers had been illegally accessed by cyber criminals over the preceding four months, with another 111,000 unsuccessful attempts made.

A new review has identified 220,000 additional incidents where data was breached, the tax collection agency said. It identified another 170,000 suspected failed attempts by third parties to gain access to taxpayer data. A former FBI cyber agent and security experts from Tripwire and Lancope commented on the IRS breach.

Ken Westin, Senior Security Analyst for Tripwire:

“This is a perfect example of how unrelated data breaches imperil us all. Cybercriminals have identified ways to correlate and aggregate data compromised in other breaches to increase their profits.

The information that was used such as Social Security numbers, date of birth, tax filing status (married or not) and street address is the same type of information that we have seen compromised by Anthem and a handful of other breaches.

When a breach of a system like this occurs, it is always a challenge to identify the scope.

The entire database itself was not compromised directly; instead, the data was harvested from legitimate website forms, making it more difficult to identify which requests were fraudulent and which were legitimate.

This attack highlights the fact that Big Data isn’t just something utilized by legitimate businesses but also cyber criminals and fraudsters. The data used to perpetrate this attack was originally harvested from multiple sources, including open source data and data from other breaches. In this case the criminals were able to quickly correlate disparate data sets to create complete profiles; once this was completed they then automated the IRS “Get Transcript” form submission to extract additional information that can then be used to file fraudulent tax returns.”

Leo Taddeo, CSO of Cryptzone, and former Special Agent in Charge of the Special Operations/Cyber Division of the FBI’s New York Office:

“This case highlights how easy it is for criminals to find, steal or guess information necessary to bypass perimeter protections. Even security questions, such as “what was your high school mascot?” pose no real security challenge in an era where many people are posting the details of their lives on social media. It definitely shows the need for network defenders to go beyond user names and passwords to protect sensitive data.”

Gavin Reid, VP of Threat Intelligence, Lancope:

“The IRS would have much preferred to get all the bad news out in one shot. This new revelation shows that the IRS still is working out – learning the details of the attack. The fact they are forced to reveal new exposures highlights the lack of good logging and monitoring of network telemetry. Understanding the total extent of an attack is doable with tools and processes well understood and available. Why they are not more widely deployed and used, along with how that is going to change in the near future, will hopefully soon also be in the news.”

