Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
United States Technology

IRS Taxpayer Data Theft Seven Times Larger Than Originally Thought (cnn.com) 91

An anonymous reader writes: For the second time, the IRS has revised the estimated damage of a criminal syndicate's massive theft of American taxpayer data. In May 2015, the government agency said criminals used a tool on the IRS website to steal the tax forms of 104,000 people. Then in August, it revised that number up to 330,000. On Friday, the tax-collection agency revealed that number is now closer to 720,000. This is a result of a "Get Transcript" tool which was available on the IRS website up until the spring of last year. It was used to help taxpayers easily download years worth of tax forms in the event that they lost their old tax documents. Unfortunately, an unidentified cybermafia was able to dupe the "Get Transcript" tool and download millions of tax documents related to the 720,000 people whose tax forms had been stolen.
This discussion has been archived. No new comments can be posted.

IRS Taxpayer Data Theft Seven Times Larger Than Originally Thought

Comments Filter:
  • by Anonymous Coward

    Breaking news: the presidential conference is about to start, where Mr. President will announce how he read all about this in the papers; and how outraged he is; and how he'll get to the bottom of this...

    in ...3 ...2 ...1

    • Re: (Score:1, Troll)

      by Kohath ( 38547 )

      Let's put them in charge of our health care.

      • by mrsam ( 12205 )
        Last time I checked, we already did.
      • by modmans2ndcoming ( 929661 ) on Saturday February 27, 2016 @01:59PM (#51599071)

        Because private companies are so much better at keeping their data safe.

        http://www.zdnet.com/article/a... [zdnet.com]

        • by Kohath ( 38547 ) on Saturday February 27, 2016 @02:10PM (#51599117)

          Private company loses your data, you stop doing business with them. IRS loses your data, fuck you.

          Private company negligent with your data, private company gets sued and maybe criminally charged. IRS negligent with your data, fuck you. IRS workers keep their jobs, no one faces any consequences. Except you. Because fuck you.

          • by Anonymous Coward

            Are you serious? Since when have companies really been punished by more than token amounts?

            Have you heard about arbitration? Good luck trying to sue any company

            It's people like you who are ruining this country. You think you can't change the government? You have the right to vote, to speak you mind to your representative, and to even run for office. If you are wealthy enough you can even contribute to lobbyists to influence government. There are plenty of ways to influence the government, much less so with

          • by Trepidity ( 597 ) <delirium-slashdot AT hackish DOT org> on Saturday February 27, 2016 @02:31PM (#51599235)

            Yeah, like I can realistically stop doing business with my health-insurance company or the company that invests my pension fund.

            • by Kohath ( 38547 )

              Which one will put you in prison?

              • by Anonymous Coward

                Okay you just jumped the shark there. I know getting +5 on bashing the IRS has made you proud, but the IRS can't put anyone in prison when the IRS loses their data. The IRS is not even part of the judicial branch and who knows what insanity caused you to argue that the IRS is going to put data theft victims in prison.

                • by Kohath ( 38547 ) on Saturday February 27, 2016 @03:00PM (#51599401)

                  ... the IRS can't put anyone in prison when the IRS loses their data.

                  If you decide to stop doing business with them because they're criminally irresponsible with your data, they send you to prison. That's the major difference between government and private interactions: private interactions are voluntary -- if you don't like a company or a person you don't have to do business with them. Government interactions are forced -- obey your government masters or go to prison.

              • by Trepidity ( 597 )

                I'm all for abolishing prisons too, but I don't see how that's very relevant to a discussion of data privacy. But hey, if an anti-prison candidate like Angela Davis runs for president, no objections from me.

            • Yeah, like I can realistically stop doing business with my health-insurance company or the company that invests my pension fund.

              I have a choice of several health insurance companies. I have a choice of hundreds of investment companies.

              On the other hand, I also have a choice of countries to live in. I lived in China for a while, and really liked it there, but my wife (who is Chinese) prefers America, so here we are.

              • by Trepidity ( 597 )

                In my case I don't really have a choice of either unless I quit my job, since my employer chooses them. The pension fund is particularly problematic because even if I quit my job, I couldn't move my investments to another manager for at least 5 years, when everything vests, so I'm stuck with this one for a while (and they aren't good at data protection). So yes, there is a sequence of choices that could lead to avoiding them, but they're a lot of choices awkwardly tied together with cross-linked contracts a

                • by Kohath ( 38547 )

                  In my case I don't really have a choice of either unless I quit my job, since my employer chooses them.

                  If your company's health insurance provider loses everyone's data, it loses the company executives' data too. They can decide to choose a more responsible provider. You could also opt out and find a more responsible provider if your company's provider is bad. Everyone involved has choices and at least some financial interest in choosing responsibly.

                  • by Anonymous Coward

                    Everyone involved has choices and at least some financial interest in choosing responsibly.

                    Nope, some people have interest in choosing the measure that will cost less.

                    After all, if it doesn't break until after you've cashed out, what do you care?

            • by Anonymous Coward

              Buy an ETF directly with your pension money, likely to be better in the long run than using an investment fund. You physically own the shares so in principle you can put them in a bank safe and not need any 'investment firm'

          • Private company loses your data, you stop doing business with them. IRS loses your data, fuck you.

            Private company negligent with your data, private company gets sued and maybe criminally charged. IRS negligent with your data, fuck you. IRS workers keep their jobs, no one faces any consequences. Except you. Because fuck you.

            Don't be a stupid anarchist. Once your data is stolen, it is out there forever. You figure the bad guys are going to say "Oh that company we stole data from went out of business bdecause of the invisible had of the free market, so we'll have to steal it all over again?" No, once they steal your SS number, and I know of a lot of non-governmental breaches - they have the keys to the Kingdom. provided by the lax network security, that most Private industry networks incorporate. Don't be so anti-government t

            • by Anonymous Coward

              Don't be a stupid anarchist. [snip pointless rambling about obvious stuff everybody knows] Don't be so anti-government that you make all of your ilk look like they have IQ's of 10. Because you are sounding so incredibly stupid now, you make the government you hate so much look like a great alternative to anything you could come up with.

              Actually, GP just made a point, which you ignored and decided instead to be insulting. Presumably because you don't have a reasonable counterpoint. So... you're kinda the one that doesn't look very smart.

              • Actually, GP just made a point, which you ignored and decided instead to be insulting. Presumably because you don't have a reasonable counterpoint. So... you're kinda the one that doesn't look very smart.

                The problem is, that the invisible hand of th free market will not do one goddamned thing. Not one little bitty thing about a free market company losing the data. Your data is lost, not doing any more business with them won't make one little bit of difference. It's got, the bad guys have it, now they use it.

                And since these data breaches were not committed by the government, it's doubly stupid to blame the government.

                Insulting? I have no patience for willful stupidity, for those who trot out stock bugab

          • Private company loses your data, you stop doing business with them. IRS loses your data, fuck you.

            Private company negligent with your data, private company gets sued and maybe criminally charged. IRS negligent with your data, fuck you. IRS workers keep their jobs, no one faces any consequences. Except you. Because fuck you.

            It's called "Sovereign Immunity."

            You can't sue the IRS, or any part of your US Government, except under way-out-there circumstances (which this dumb breach is unlikely to meet – IANAL).

      • Let's put them in charge of our health care.

        While it is so popular to blame the government, And no doubt many will, there is a basis for this, and it isn't the government, it is us.

        All of our data is online, and most of it is protected exactly as well as all of the data breaches we hear about. Hospitals with no security, schools with no security. And while it specifically notes on ones Social security card that it isn't for identification, for years, we'd give out our socials exactly as ID, including for silly shit like Shopper's cards, and other

        • by l3v1 ( 787564 )
          "While it is so popular to blame the government, And no doubt many will, there is a basis for this, and it isn't the government, it is us."

          That's stupid enough. The IRS is one of the most important data holders about everyone, and they should be required to protect the data they handle, and they should be punishable with the highest possible penalties, since they should be held by higher standards than everyone else, including companies.
          • "While it is so popular to blame the government, And no doubt many will, there is a basis for this, and it isn't the government, it is us." That's stupid enough. The IRS is one of the most important data holders about everyone, and they should be required to protect the data they handle, and they should be punishable with the highest possible penalties, since they should be held by higher standards than everyone else, including companies.

            Very nice screed and all, but you could line up every IRS employee, push them off a cliff, and it wouldn't cure a thing. You do understand how this fraud is happening don't you?

            People who have personal information on the internet, and that is most of us, have had that information stolen. Social security, credit information, payroll information. The bad guys involved have made up artificial people who are indistinguishable from the real people without some fairly deep scrutiny.

            When the bad guy knows you

      • by gtall ( 79522 )

        Two different agencies, and the ACA plans are run by the insurance companies, the ones who are have been fucking us all along. Only Bernie is stupid enough to think the Feds could take over health insurance under a single payer. Personally, I don't think he gives a flying rat's ass about universal health care, he just doesn't like rich people and intends to use it as bludgeon to take their money. However, rich people have accountants and lawyers and tax shelters, and they don't have to continue living in th

  • by Anonymous Coward

    Heads should roll. But they won't.

  • Face it. (Score:4, Insightful)

    by Anonymous Coward on Saturday February 27, 2016 @02:02PM (#51599077)

    Your government will not tell you the truth until it absolutely must, and not even then.

    Just operate on the following assumptions, and you should be just fine:
    1. ALL of your personal data has been compromised. The reason maybe your identity hasn't been misused is that either it isn't valuable enough, or they just haven't gotten around to it. With so many stolen identities to choose from, the sheer volume of stolen data almost works FOR the people whose data was stolen.
    2. Your government is full of incompetent, corrupt, stupid, assholes at best, with the occasional competent, compassionate, caring individual, but they're the outliers, the exceptions. Then, there are a few truly evil, malicious ones who make you happy when you come up against one of the merely incompetent, and just so glad when the interaction is over that you forget how much you wanted to do something to fix it, because hey, it's not your problem anymore.
    3. The people mentioned in 2, above, are most likely spying on you, legally or otherwise.
    4. 99+% of the time, the information gathered in 3, above, will never be used against you, in a civil or criminal court; you're just not that damned interesting, therefore...
    5. You should go about your life, because there isn't Jack shit you can do about any of this anyway. Your data has been stolen and is in the hands of, as a minimum, the Chinese, if not others. You're NOT going to go "off-grid," and "disappear," it's simply not worth the effort, and besides, they'll still know where you are anyway, so that it will turn out to be pointless, and an ineffective way to protect your "privacy" anyway. You can't fire people in the bureaucracy, and you'll never get others to agree to throw all the bought-and-paid-for jerks out of office at the ballot box. The people spying on you are mostly bored to fucking tears because most of us are, and you probably too, are boring as shit. You'll keep an eye periodically on your credit report(s) to deal with any spurious new loans or borrowing you didn't authorize, and otherwise just continue to live your life.

    Live it.

  • by Anonymous Coward

    This data leak shows how difficult it is nowadays to verify true identities.

    It would seem to me that it instead demonstrates that your entire notion of "identity" as some small subset of facts about a person is stupid. Identity as a concept is the sum of what makes us distinct from everything else, is it any wonder that you find you run into limitations with a shoehorn like this? The entire concept of identity that governments and social media networks are pushing, identity = name = face = SSN = only one pe

  • Don't worry though (Score:4, Interesting)

    by NotSoHeavyD3 ( 1400425 ) on Saturday February 27, 2016 @02:54PM (#51599365)
    If we give them a back door to all iPhones that won't get stolen from government servers, you have their word on it.
    • If we give them a back door to all iPhones that won't get stolen from government servers, you have their word on it.

      If you have been arrested, and are temporarily in the local City jail – rightly or wrongly – you have no way to trigger the "nuke my iPhone's memory" via "Find My iPhone" on the iCloud website (.Mac website).

      You get a phone call, but only after cops have held you for as long as legally possible. They will then ask if you would like to make a phone call.

      "Yes, I want to call my attorney/partner/anyone", you say.
      Cop response: "OK, so what's the phone number?"
      You respond, "It's on my cell phone

  • Needs an audit.
  • Tax transcripts give pretty much information-- being able to hijack that information and then do more targeted attacks for refunds is a very big deal. At a loss for how they could do it though; the transcripts are only supposed to be sent to your last tax return address.

  • Weren't there folks on here claiming that the simple act of losing the information is enough to cause harm and allow a lawsuit?
  • This is pretty much straight from the government playbook. First, deny that the incident occurred in the first place. Anyone that challenges you is automatically branded as some tin foil hat wearing malcontent. Second, when the news does finally come out then lie about the extent of it. Third, slowly let out the real numbers (or close to it). By then the public has forgot about the scandal and moved on to the next one.

    This is why I don't trust these bastards to do anything right. Next up, massive data breac

There is never time to do it right, but always time to do it over.

Working...