The federal government’s non-military networks are a mess, which is why attackers have been focusing their efforts on hacking them. One of the agencies bitten in the ass was the Internal Revenue Service (IRS). Personal information for 100,000 people was leaked through one of the IRS’s online services. I’m sorry, did I say 100,000? I meant 334,000:
WASHINGTON (AP) — A computer breach at the IRS in which thieves stole tax information from thousands of taxpayers is much bigger than the agency originally disclosed.
An additional 220,000 potential victims had information stolen from an IRS website as part of a sophisticated scheme to use stolen identities to claim fraudulent tax refunds, the IRS said Monday. The revelation more than doubles the total number of potential victims, to 334,000.
The breach also started earlier than investigators initially thought. The tax agency first disclosed the breach in May.
The thieves accessed a system called “Get Transcript,” where taxpayers can get tax returns and other filings from previous years. In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address, the IRS said.
We again see why even if you have nothing to hide you have plenty to worry about. You may not have done anything wrong, although that’s highly improbable, but any data collected on you can easily wind up in the wrong hands. In this case Social Security numbers, birth dates, street addresses, and tax filing statuses for 334,000 people ended up in unknown hands. Had that data not been collected in the first place it wouldn’t have been available to steal.