Katie Kuehner-Hebert of CFO Online on the IRS being hacked and tax records for 100,000 people being remotely accessed:
Amid increasing concern over the security of Internal Revenue Service computer systems, the agency has disclosed that hackers accessed the personal tax data of more than 100,000 taxpayers in an effort to claim fraudulent refunds.
The IRS said it had determined late last week that “unusual activity” had occurred on its online service called Get Transcript, where filers can get tax returns and other filings from previous years.
The hackers used the personal data of taxpayers — including Social Security numbers, dates of birth, and street addresses — to clear a security screen and log on to Get Transcript, the IRS said.
The service has been shut down temporarily and the security breach is under review by the Treasury Inspector General for Tax Administration as well as the IRS’ criminal investigation unit. The IRS will provide free credit monitoring services for the affected taxpayers whose accounts were accessed, including those for which the hackers couldn’t clear all the authentication hurdles.
I find myself somewhat unsurprised this happened considering how government agencies generally approach their own internal-facing cyber security postures.