The Internal Revenue Service recently stated that a previously disclosed cyber attack, which exposed taxpayer data between February and May of 2015, affected more than three times as many people as had been initially announced.
In late May, the IRS said approximately 100,000 tax accounts had been affected. On August 17, however, the IRS said it had "identified more questionable attempts to obtain transcripts using sensitive information already in the hands of criminals."
Specifically, approximately 220,000 additional instances of possible or potential access to taxpayer account information were identified, along with 170,000 additional failed attempts to access the IRS system. The numbers from May have also been updated, totalling 114,000 instances of access to taxpayer data and 111,000 failed attempts.
In total, the IRS now says there were 334,000 instances of possible access to taxpayer account data out of a total of 615,000 attempts.
"The IRS takes the security of taxpayer data extremely seriously, and we are working aggressively to protect affected taxpayers and continue to strengthen our systems," the IRS said in a statement. "The matter remains under review by the Treasury Inspector General for Tax Administration as well as IRS Criminal Investigation."
STEALTHbits Technologies channel manager Jeff Hill told eSecurity Planet by email that the news serves as a reminder of how difficult authentication-based attacks can be to identify. "Once legitimate credentials are obtained, it’s nearly impossible to distinguish between the good guys and the bad guys, especially if the attackers are patient and disciplined," he said. "Here we have a case where a successful authentication-based attack was discovered in May, and yet the IRS is still unclear of the extent of the breach's damage months later."
And HyTrust president and co-founder Eric Chiu said the update from the IRS should be no surprise at a time when so many organizations are playing catch-up with cybercriminals. "Most companies do not do enough to secure sensitive data, and also lack the monitoring to detect when breaches are happening, as well as the magnitude of the breach," he said.
"This is scary, especially given the compounding nature of the IRS breach, where the attackers were able to use previously stolen information to download historical tax returns in order to gain a complete financial profile of the individual," Chiu added. "These profiles can be used to open new accounts, siphon funds and ultimately steal the identities of the victims. Clearly, organizations need to do more to protect our personal information against these types of threats; otherwise, consumers will continue to pay the price."