On Wednesday, CNN reported that it is now believed that Russian hackers were behind the attacks, which were carried out from February to around mid-May. In order to access the accounts of the affected individuals, the hackers needed to have the name, Social Security number, date of birth, filing status (single, married, etc.) and street address of the victim, and then had to answer a security question, the kind that is often branded as one “that only you can answer.”
But as was reported last week, many of these questions are not so difficult to answer at all, and of the 200,000 accounts that hackers attempted to gain access to, they managed a 50 percent success rate, ultimately breaking into 100,000 user accounts. As Elizabeth Weise of USA Today points out, the relative ease with which hackers managed to steal personal information is indicative of a more insidious problem with data — once you have a little, it’s easy to get a lot.
In fact, much of the most sensitive information, like social security numbers, birthdays, and addresses, were obtained before the hackers ever made it to the IRS by way of third parties. And ultimately, the IRS admits, it is possible that the cybercriminals ultimately left with their victims’ full tax returns, including line-by-line descriptions of their wage, income, tax liabilities, and more.
The IRS will be sending letters to all affected parties, and for those whose information was compromised, will also be paying for credit monitoring. The Department of Homeland Security is also investigating the attack, so at the very least, taxpayers can be assured that no one is taking this matter lightly.
