APNewsBreak: IRS says thieves stole tax info from 100,000
Source: AP-Excite
By STEPHEN OHLEMACHER
WASHINGTON (AP) Thieves used an online service provided by the IRS to gain access to information from more than 100,000 taxpayers, the agency said Tuesday.
The information included tax returns and other tax information on file with the IRS.
The IRS said the thieves accessed a system called "Get Transcript." In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address.
"The IRS notes this issue does not involve its main computer system that handles tax filing submission; that system remains secure," the agency said in a statement.
FULL story at link.
Read more: http://apnews.excite.com/article/20150526/us--irs-breach-175f4a63b7.html
onethatcares
(16,161 posts)"the IRS notes this issue does not involve..................................................; that system remains secure".
I mean who else ya gonna trust in these matters?
valerief
(53,235 posts)a kennedy
(29,615 posts)allan01
(1,950 posts)get a real job
lady lib
(2,933 posts)I wonder if the IRS will let me know if I'm one of the unlucky 100,000.
0rganism
(23,927 posts)"In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address."
once a thief has your SocSec number and can associate it with your legal name, the rest is relatively simple.
Thor_MN
(11,843 posts)Said another way, the social security number is your UserID, it should NEVER be used as a password. If anyone requests your SSN or part of it to verify your identity, you should tell them that is not acceptable. Use it as my account number and I don't care. Use it as my password, and I have major issues.
If anyone wants your SSN, it's out there. Don't allow it to be used as a password, to verify your identity.
Psephos
(8,032 posts)SSN should never be used except under force of law. Crypto 101.
Thor_MN
(11,843 posts)What are you going to do, assign each person a different random number for every transaction? Real World 101.
Psephos
(8,032 posts)Thor_MN
(11,843 posts)It talks about using the SSN to validate someone's ID, i.e. as a password. As a userID it isn't anymore reavealing than your name and address. The danger is when it is used as a password.
"The SSN is the ultimate password because its always the same, whether youre talking to your bank or your doctor, and so many companies use it to authenticate customers over the phone."
L0oniX
(31,493 posts)Hoppy
(3,595 posts)GusBob
(7,286 posts)Luckily nothing came of it