During a news conference on May 26, 2015, Internal Revenue Service (IRS) Commissioner John Koskinen revealed that skilled organized crime groups stole tax return information in targeted attacks during February May 2015.
In about 200, 000 attempts to access personal tax returns through the IRS website Get Transcript function, about half of the attempts were successful.
Commissioner Koskinen offered the view that the attackers goal was to acquire legitimate taxpayer information for use in fraudulent tax filings in the future.
The IRS said that the systematic theft of taxpayer information was not accomplished by hacking into the system; rather, the attackers already had sufficient information to get into the Get Transcript function by normal means. By gaining access through the public access portal, Koskinen said that the data thieves would have had to have out of wallet information such as a person favorite vacation spot or first car information likely gleaned from social media.
The IRS will begin notifying the taxpayers affected by the thefts this week.
Analyst comment:
Pinkerton strongly recommends that people not post to Facebook, Twitter, LinkedIn, or other social networking media any information that correlates to standard security questions typically used for "I don’t remember my password" functions anywhere else. People should never identify in open source Internet media such things as their mother’s maiden name, first car, elementary school name, or personal information like addresses. All of those data points can be mined from a social media page in an hour by a thief who knows what to look for; and all of that information put together typically paints a very thorough picture of a person’s life all of which tends to be used for convenience sake for passwords, usernames, password hints, etc.
Prepared by: Victoria Allen, the United States