It's not just American businesses under attack from cyber-criminals, but government agencies too. IRS Commissioner John Koskinen admitted Tuesday that thieves managed to steal information on more than 100,000 taxpayers from the agency, though he insisted the data breach didn't affect most average taxpayers or the information they file in their annual returns.
Similar claims have been made before and usually the full scope of the breach is far worse than initially thought.
The breach led to thousands of fraudulent returns being filed, though the final details about the amount the criminals stole has not been disclosed. Mr. Koskinen predicted it will be less than $50 million though the basis for this estimate is unknown.
“This is not a security breach. Our basic information is secure,” Mr. Koskinen insisted in a call with reporters to discuss the data breach. The Commissioner described the breach as coming from from online access by fraudsters, who he described as part of an organized criminal syndicate.
The IRS is sending out notices to those they have determined were compromised by the breach. They've also opened a criminal investigation into the incident.
Mr. Koskinen admitted that the fraudsters were exploiting a specific application, called the Get Transcript program, which allowed them to dig up more information on taxpayers, including their full tax returns dating back five or more years.
It remains unclear why, if the criminals could access full tax returns, the IRS doesn't believe full identity information was compromised.
The breach was discovered after noticing odd Internet activity for the tax filing season. The discovery was not made until the middle of this month, and have since been scrambling to get a handle on what exactly happened.
From the Commissioners conflicting reports it appears that process is still ongoing.
Congress was alerted to the breach last week, but for some reason kept the information quiet, compromising victims, who may be held liable for related fraud, for a full week.
Ancient lawmakers who have very little awareness of modern information systems, the internet or technology in general found the breach "eye openeing", despite its relatively small scale compared to attacks on Target or Home Depot, which saw hundreds of millions of victims.
“That the IRS — home to highly sensitive information on every single American and every single company doing business here at home — was vulnerable to this attack is simply unacceptable,” said Sen. Orrin G. Hatch, Utah Republican and chairman of the Senate Finance Committee, which oversees the agency.
The IRS will pay for a credit monitoring service for the 104,000 people whom the IRS admits had their information stolen.