- The IRS announced late Tuesday that its Electronic Filing PIN application was subject to an automated attack that the agency was able to discover and stop.
- The "identity thieves" used malware to try and generate E-File PINS from stolen social security numbers. The PINs are used as an additional layer of security for some tax returns. In combination with stolen SSNs, identity thieves could use the PINs to file fraudulent tax returns.
- Identity thieves used 464,000 unique SSNs in their attack, but only 101,000 of those SSNs successfully accessed a PIN.
Recently, the IRS has had a tough time. In an unrelated incident, last week the IRS tax processing systems suffered an outage, just as tax season is getting started.
With concerns about cybersecurity reaching a fever pitch in the federal government, officials are going to look to the IRS to perform and protect citizens filing their taxes. The IRS said no personal taxpayer data was compromised in the E-filing PIN breach and the agency is taking steps to notify impacted taxpayers.
When identity thieves successfully file fraudulent tax returns, they receive the funds intended for the rightful taxpayer. Rather than exposing directory information like what happened to the FBI and Department of Homeland Security earlier this week, identity thieves can receive money directly from the federal government if their efforts prove successful.
The Obama administration is starting to get serious about cybersecurity. The administration wants to allocate $19 billion of its $4.1 trillion budget for cybersecurity. To top it off, the White House is looking to appoint its first ever Chief Information Security Officer to help coordinate all federal agencies. The CISO will be responsible for promoting strong cyber hygiene and improving computer security.