Did you file your taxes online between February and May this year? Did you use the convenient “Get your Transcript Online” application to get your previous returns?
You might be in for a bad awakening.
Cyber criminals have gained unauthorized access to information of about 100,000 U.S taxpayers over the past four to five months.This is just the latest in a series of data thefts have alarmed U.S consumers.
The hackers gained access to the “Get Transcript Online” app which provides users information from previous returns and they have gained access to over 200,000 tax information files. John Koskinen has confirmed that more than a half of those attempts were successful.
Supposedly, the breach did not affect any IRS servers or data apart from the “Get Transcript Online” application. The agency is currently working on improving the security of its online services and applications.
The implicated vicious intent of these cyber criminals was to obtain as many pieces of information as they can, so they could submit fraudulent returns the next year, and the IRS believes that more than 15,000 fraudulent returns were made as a result of data breach, resulting in incorrect refunds of more than $50 million.
What is different in this “Hack” and data breach is that it did not involve a compromised computer or server. Rather, hackers used information they previously gathered about people in order to get access the system in a manner as it was designed to be used. Phishing and good old fashioned spying were the methods used in this case, rather than advanced coding and breaking the servers.
Agency promised that it will begin to notify affected taxpayers and also will provide free credit monitoring and “protection” for the victims that were affected from this data breach. What this protection implies is not clear. Their data had already been obtained before the IRS even got involved.
This shows, in a very clear light, that privacy is something that is to be taken seriously. Social Media is a great tool to connect with people and share information about yourself. So you tweet that your birthday is on the 3rd of January. And on facebook you complain about the fact that you just turned 26. I now know your date of birth. Through your Facebook friends list I find your mother, and her sister might still be unmarried, so there I have your mother’s maiden name, which is one of the most widely spread security questions. Easy Peasy.
For hackers and cyber criminals, this information is easily found and gathered to turn it into a searchable database, and once you allow access to just one bit of information of yourself, a criminal could easily go through your online life and get answers on some of your security questions – which is a security layer that can easily be bypassed, which can lead to private data breach.