The Internal Revenue Service has temporarily closed down their "Get Transcript" service that was available on their website, due to the theft of taxpayer information from about 100,000 households by hackers. At least, so far about a hundred thousand returns have been compromised.
The accounts were accessed through verification questions from February through May of this year, using personal information gathered from a variety of other sources, such as social media sites. The agency reports that only individual accounts have been compromised, and that their main computer system “remains secure.”
As part of a years-long effort to keep ahead of criminals, the IRS set up a new cybercrime unit earlier this month. The agency will be contacting holders of the approximately 200,000 accounts that were the subject of attempts to access them, by mail, and taxpayers are being urged to be wary of phishing scams by other criminals that might ask for personal data via email, telephone, or regular mail. The agency will also be offering free credit monitoring to affected taxpayers.
Watchdog organizations, such as the General Accountability Office, have been calling for tougher security measures at the IRS, due to the sensitivity of taxpayer data, and numerous potential vulnerabilities in the agency’s network and databases. The GAO also reports that the Department of Homeland Security’s cyber unit received 27,624 reports on incidents involving personal identity information from federal agencies in 2014, up from 10,481 in 2009.
A white paper released by Google this month found that personal identity verification questions are a poor security practice, with the answers to some common questions being easy to guess by hackers, with a success rate of between 20% and 40%, depending on the type of question.