The IRS breach in May was bigger than what was first reported by the agency as there were additional 220,000 potential victims whose personal information might have been stolen from the IRS website, the agency said on Monday.
The agency said the stolen information is used “to claim fraudulent tax refunds.” The thieves went through IRS using “Get Transcript,” where taxpayers can view their tax transactions and report income for a specific tax year. To access the data, the hackers used information obtained from other sources.
Good guys and bad guys
According to a report from USA Today, “hackers love authentication-based systems” because when someone attempts to access these kinds of systems, the latter will have difficulty distinguishing the good guys from the bad ones, as explained by Jeff Hill from STEALTHbits Technology.
“Here we have a case where a successful authentication-based attack was discovered in May, and yet the IRS is still unclear of the extent of the breach’s damage months later,” said Hill as quoted by USA Today.
“Even now, how confident is the IRS they fully understand the extent of the attack completely, or should we expect yet another shoe to drop in the coming weeks?” Hill continued.
Federal Employee Data Hack Discovered Through Product Demo, Says Report; Union Discloses Info Breached By Chinese Hackers
The number of accounts breached reached 334,000, the agency disclosed. But as to whether information from each of those potential victims was stolen is yet unclear. IRS issued a statement, saying “as part of the IRS’s continued efforts to protect taxpayer data, the IRS conducted a deeper analysis over a wider time period covering the 2015 filing season, analyzing more than 23 million uses of the Get Transcript system.”