Few government agencies routinely collect more information on every law-abiding American than the Internal Revenue Service. And by targeting the IRS, a group of seemingly sophisticated hackers has now collected their own chunk of that detailed data.
On Tuesday the IRS admitted that it had been the target of a breach that compromised 100,000 taxpayers’ files between February and the middle of this month. And though that may seem like a relatively small set of victims compared with recent breaches like the one affecting Target or the health insurer Anthem, the IRS says the attackers gained the full tax return transcript of the affected taxpayers, which could included a detailed dossier of their personal information including income and social security numbers. And that may have been enough to pull off a tax-refund-stealing scheme first reported in March.
Just as disturbing than the information stolen, in fact, may be the intel the attackers appear to have possessed about their targets before the breach. According to the IRS statement, the attackers used a collection of detailed personal information from another “non-IRS” source to crack the authentication process on a “get transcript” feature on the IRS website. For the full article click here