The IRS recently released a statement which indicates that a breach of its online Get Transcript system has taken place and that more than 100,000 personal accounts have been compromised.
The report states that hackers made their way into the Get Transcript site that allows taxpayers to retrieve data regarding their tax returns and financial transactions with the U.S. government. That website has access to information about users’ names, addresses, Social Security numbers, and other such sensitive data. A user needs only a Social Security number and email address to make an account; that same user must then answer personally-identifying questions that look for information such as date of birth and home address.
Unfortunately, it is that sort of knowledge-based authentication, says a report on the issue at Ars Technica, that can be weak because the information never changes. It can be relatively easy for hackers to get information about when a person was born of where he has lived. From there, hackers only need to enter the system with an SSN and email address to begin to process of stealing all the data inside.
The IRS maintains that hackers did not breach the main systems that allows taxpayers to file their taxes each year. “That system remains secure,” it says.
Still, there are more than 200,000 people who could receive letters from the government in the coming weeks. The IRS has disabled Get Transcript and will be alerting the people whose data may have been stolen. Hackers attempted to gain access to data for about 200,000 people, but only half of those attempts were successful. Still, that entire population will be notified while approximately 100,000 will receive access to a free credit monitoring service because their information was accessed and could lead to future fraudulent use. Such data could result in the opening of credit cards or other financial accounts, so users should be alert.
In the meantime, the IRS says it will work to increase the security of its Get Transcript system and will not reopen that Web portal until security has been improved. It will continue to conduct an investigation into this latest matter to help prevent future fraud and protect taxpayers into the next tax filing season.
Image courtesy of Alan Cleaver via Flickr.