This Week in Breaches: The US IRS
On February 9, 2016 the United States Internal Revenue Services released a statement that they had ‘identified and halted an automated attack’ on their website with the Electronic Filing PIN application. This application can be used to electronically file taxes. The IRS noted that it was personal information stolen from outside the agency and that identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. These thieves had access for 101,000 SSNs.
This breach follows in the heels of last year’s IRS breach which allowed thieves to obtain personal information from over 300,000 tax payers. In this instance, hackers stole the personal data by gaining access to submitted tax return forms, through use of IRS software called “Get Transcript”. When first reported, the number of taxes payers was only 100,000, it would come to no one’s surprise if this current breach yields a higher victim count.
The IRS has taken immediate steps to contact all those who have been compromised by mail, as well as marking them to further protect against any ‘tax-related identity theft’. The IRS, alongside other agencies are currently assessing and monitoring this situation.
So What Is the Take Away?
Week after week stories are unveiled about data breaches due to compromised credentials and this trend is likely to keep rising. Your credentials are the keys that open doors to the online world, and just like your physical real-life keys, you don’t want them in the hands of a stranger. Cyber-criminals will always find the weakest point to hack into systems, and that weak point is almost always your credentials.
Having an online account hacked is never a good thing, but having your identity stolen is the ultimate breach to your cyber security. Be smart online, regularly update your passwords and make them difficult. Wherever possible implement a two- factor authentication process, and NEVER, EVER click on a link that you think looks suspicious. Even then, always double check pop up box when you hover over a link, to make sure it’s taking you to the right place!
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
Follow us on LinkedIn and Twitter for current company and industry news.