Attackers using malware and stolen personal information managed to generate 101,000 e-filing PIN numbers, according to the IRS. Affected taxpayers will be notified by mail, and their accounts will be monitored.
The attack, which happened last month, was carried out by attackers who already had access to the Social Security Numbers (SSNs) of 464,000 people, according to the IRS. An automated system, detected by the IRS, managed to generate 101,000 e-filing PIN numbers before the scheme was shut down.
The attack was revealed to the public yesterday via a statement from the IRS, which briefly outlined what happened.
“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers,” said the statement. “An E-file pin is used in some instances to electronically file a tax return.”
The IRS was quick to state that “no personal taxpayer data was compromised or disclosed by IRS systems,” and that the attackers had access to the SSNs prior to the attack. In essence, having access to the SSNs is what made the attack effective.
There’s a massive amount of leaked personal information available in online black markets, including databases of leaked SSNs. Would-be fraudsters are always looking for new ways to monetize this purloined data. And this is an example of turning raw materials — a database of social security numbers — into something potentially more lucrative — a database of working e-file pins. Stealing even a small fraction of that many people’s tax rebates would certainly be profitable, and seemingly valid e-file pins could go a long way toward making that possible.
The incident, which happened last month, was not related to last week’s brief IRS outage.
“IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration,” said the statement. “The IRS also is sharing information with its Security Summit state and industry partners.”
Online security is hard, but it is essential when it comes to tax data. Remember: keep personal information like your social security number to yourself, and never share it over email, IM, or social networks.
Related Posts
This extraordinary humanoid robot plays basketball like a pro, really
Digital Trends has already reported on the G1’s ability to move in a way that would make even the world’s top gymnasts envious, with various videos showing it engaged in combat, recovering from falls, and even doing the housework.
How to Use Pollo AI Video Generator: A Step-by-Step Guide
Here we’re talking about the Pollo AI video generator which can be used with a variety of prompts, and I’ll talk you through using each one.
This 49-inch curved Samsung ultrawide is down to $799.99 and basically replaces two monitors at once
You’re getting a massive 49-inch curved Dual QHD panel, 120Hz refresh rate, USB-C, HDR400, and an adjustable stand that’s built for serious productivity but still fast and smooth enough for after-hours gaming.