IRS Says Data Breach Hit Worse Than Thought

The damages of the cyberattack that hit the one of the Internal Revenue Service’s computer databases earlier this year was actually more extensive than the agency originally thought.

The damages of the cyberattack that hit one of the Internal Revenue Service’s computer databases earlier this year was actually more extensive than the agency originally thought.

Back in May, the IRS announced the data from tax returns for roughly 100,000 households was stolen by cybercriminals who used the IRS’ online services to hack the database.

But yesterday (Aug. 17) the agency said an additional 390,000 taxpayers were potentially affected, The Wall Street Journal reported.

The IRS confirmed the new estimate includes nearly 220,000 additional households “where there were instances of possible or potential access.” In a statement, the agency explained there were roughly 170,000 additional instances of “suspected attempts that failed to clear the authentication processes.”

Similar to its statements surrounding the initial reports of the cyberattack, the IRS said it would immediately notify affected taxpayers as well as offer free credit protection services.

The cybercriminals used a system called “Get Transcript,” which is a place taxpayers can access tax returns from prior years. The thieves were able to override a security checkpoint that includes information about the taxpayer — which included data like Social Security numbers, birthdates, tax status and street addresses.

“The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for ‘Get Transcript,’ including by enhancing taxpayer-identity authentication protocols,” the agency said in the statement.

Shortly after the IRS’ announcement of the data breach, the agency was accused of skipping critical steps that may have prevented the incident from happening.

In June the Treasury inspector general told Congress the IRS failed to implement security upgrades to its computer systems. While it cannot be said for certain if the security upgrades would have prevented or minimized the impact of the breach, the hackers would have most certainly faced more difficulty.

“I can say it would have been much more difficult had they implemented all of the recommendations that we made,” Treasury Inspector General J. Russell George said at the time.

George also confirmed that some of the thieves were from Russia, which was in line with announcements made by IRS Commissioner John Koskinen shortly after the attack.

According to Koskinen, at the time of the data breach, the thieves had claimed about 13,000 refunds — totaling nearly $39 million — using information stolen from the IRS website, but he stressed that, in his opinion, the missing upgrades would not have prevented the breach.

“These are criminal syndicates that are not bound by geographic limits,” Koskinen said. “They may be operating in one country, but they’re operating across country lines, and they’re oftentimes operating in conjunction with each other or selling data back and forth to each other.”

[vc_row full_width=”” parallax=”” parallax_image=””][vc_column width=”1/1″][/vc_column][/vc_row][vc_row full_width=”” parallax=”” parallax_image=””][vc_column width=”1/1″][vc_separator color=”grey” align=”align_center” style=”” border_width=”” el_width=””][vc_single_image image=”148412″ alignment=”center” style=”vc_box_shadow_3d” border_color=”grey” img_link_large=”” img_link_target=”_blank” css_animation=”left-to-right” img_size=”full” link=”http://www.pymnts.com/whats-hot-today/”][vc_column_text css_animation=””]

To check out what else is HOT in the world of payments, click here.

[/vc_column_text][vc_separator color=”grey” align=”align_center” style=”” border_width=”” el_width=””][/vc_column][/vc_row]