An additional 220,000 potential victims had information stolen from an IRS website as part of an intricate scheme to use stolen identities to claim fraudulent tax refunds, according to the IRS. This brings the total number of potential victims to 334,000.
Well at least it was just the IRS, right? Not like the hackers could have obtained any sensitive information there.
The way the information was obtained is more than a little unnerving. The perpetrators accessed a system called “Get Transcript” that required sensitive information. You know, like Social Security numbers and dates of birth. Where did they get that? Stolen from other websites.
“The IRS’s failure to protect private and confidential information from cyber-attacks risks further fraud for hardworking taxpayers,” said Sen. Orrin Hatch, R-Utah, chairman of the Senate panel that oversees the IRS. “The agency should act swiftly to alleviate the damage for all those affected.”
The government has had a number of breaches to deal with lately – the number of people affected by the Office of Personnel Management breach earlier this year has grown to 21 million.
Incredibly, the IRS estimates it paid $5.8 billion – that’s billion with a “B” in fraudulent refunds to identity thieves in 2013 alone.
Time to invest more in cybersecurity?