Yes, the IRS Data Breach Should Cause Concern

Riley Walters / August 20, 2015

Recent news on the illicit access of the IRS’s systems, back in May, now shows almost three times as many accounts were accessed than originally reported.

The additional 220,000 accounts brings the number of taxpayer information potentially taken up to 334,000 – adding fuel to fire over personal security in a digital world.

Unfortunately this breach does not come as a surprise to cybersecurity experts.

The IRS Get Transcript program, which was illegally accessed, allows taxpayers a simplified way of accessing their tax history, and documents online – but not before being prompted with personal questions to confirm user authenticity.

>>> To read more on this topic: Continuing Federal Cyber Breaches Warn Against Cybersecurity Regulation.

The reported “third party” was only able to access the Get Transcript of these 330,000 people with personal information such as social security numbers, birth dates, and addresses they had gathered prior to accessing the IRS website.

By cybersecurity definitions, this was not a hack since there was no technical flaw or malicious accessibility through the Get Transcript system or IRS website. So what the IRS is experiencing is something more akin to identity theft or espionage than cyber hacking, and is still very concerning, as the loss of information has occurred nonetheless.

In the aftermath of the hack on the Office of Personnel Management (OPM) which resulted in the theft of 22 million federal employee’s personal information (It’s no surprise that online thieves have the necessary personal information of taxpayers to access these documents).

The IRS breach, in addition to the OPM hack, continues to raise serious questions regarding the government’s competency in securing important information.

The Heritage Foundation will release its next report in October updating the list of federal data breaches for 2015, along with a list of cyber attacks on U.S. companies.