The latest online data breach didn’t victimize another major retailer. Instead, this one went after federal tax data at the Internal Revenue Service. According to the IRS, the records of over 100,000 were accessed. The thieves utilized data such as social security numbers stolen probably by other hackers from other sources to log into the “Get Transcript” service on the IRS website. (This supposedly-secure IRS software allows a taxpayer, or successful hacker, to get tax return transcripts similarly available via filing a paper 4506-T form.) The IRS is notifying all affected taxpayers as well as offering them credit monitoring services; it has also temporarily suspended the “Get Transcript” service.
The IRS believes the data breach originated from Russia and took place over several months beginning in February. Both the IRS Criminal Investigation Unit and the United States Treasury Department are trying to identify the perpetrators and take steps to better protect the integrity of sensitive taxpayer information. In addition, the Finance Committee of the United States Senate scheduled a hearing on Tuesday on the cyber theft.
Despite this, government reports and audits for quite a few years have warned about the possibility of just such incidents as well as other IRS security weaknesses such as failure to conduct background checks on its employees. IRS officials have generally agreed with these assessments but, as could be expected, place the blame on budget cuts and advocate increased government spending as the answer.