It’s scary when you think about a government institution like the Internal Revenue Service being hacked, and it forces you to wonder just how safe and secure you are when entering personal information online. It turns out that the recent IRS hack was intended to be much bigger than it turned out to be, although it was still a large-scale attack. Hackers were able to use a feature on the IRS website to steal information, which is bad news on a few different levels.
Scale and Implications of the Hack
In 2015, hackers were able to come away with personal information from more than 100,000 people. Although this number seems substantial in the first place, it only represents about half of the 200,000 people that the crime syndicate had targeted. The attack didn’t just leak personal information like names and birthdays, but also financial information that can be used to acquire tax returns. Hackers got right to work, and used the information to claim thousands of tax returns. With all of this information in the wrong hands, criminals can convincingly open credit lines and bank accounts under other people’s identities.
How It Was Done
The key to the hack was the IRS website, specifically a tool called Get Transcript. What was supposed to be a tool to help people download old forms turned into a convenient way for criminals to gather a great deal of personal information at once. The IRS shut down the feature, but only after the damage was done.