Monday, February 29, 2016

Cyber Hackers Accessed Over 700,000 Taxpayer Accounts

The IRS (Internal Revenue Service) announced on Friday that around 724,000 taxpayers' sensitive personal information was stolen in a cyber hack last year.  This new estimate is more than double the agency's previous estimate.  The IRS hack was first discovered last May and the IRS originally stated that 114,000 people's personal information had been breached in the hack.  However, in August, the IRS raised its count to as many as 334,000 (Fortune).

It is believed that these hackers were able to access people's personal information through a "get transcript" feature on the agency's website that has since been disabled.  Earlier this month, the IRS detected unauthorized efforts to gain access to more than 450,000 Social Security numbers and around 101,000 of those efforts were successful (US).

According to Rep. Jason Chaffetz, R-Utah, chairman of the House Committee on Oversight and Government Operations, "The IRS doesn't have its house in order at any level" (US).

What do you think? What possible measures could be taken against these cyber hackers? Would IRS protection be better if we entrusted it to private businesses?


Tara Young said...

I think this is an extremely important problem. Hopefully, the cyber security of the IRS's database is being worked on to become more secure and prevent anymore hacks. This should be a top priority since pretty much all of the citizens in the United States report their financial standings to the IRS. This data is very important and private. The information in the wrong hands could lead to theft or blackmail or many other crimes. The topic of cyber security is a tough one. The computer science field and security is constantly advancing and evolving, but at the same time so to hackers. I do not think that the IRS protection would be better if entrusted to private business because then the business could have corruption within. Business's purposes are generally to create profit and that might lead to weakened protection as it could be less of a priority. However, since the business is profit oriented, they may put extra effort in to maintain security to maintain their business. Overall, I think that the IRS would be best left in the government's hands, but they need to improve security as much as possible and continue to innovate to protect personal data even better.

Jeffrey Song said...

I agree with Tara that this is an extremely important problem, and one that has generally been extremely underrepresented in media in favor of Trump antics or Clinton scandals. In the technological age we live in now where everything is recorded and digitized in massive government databases, the issue of cyber-security has risen to quickly become one of the leading topics of debate and discussion among experts in the field and how it can apply to government. There are a number of ways it can be addressed; according to Matthew Wells, an editor for BBC, "[the IRS] needs to shift its security strategy from 'breach-prevention', to 'breach-acceptance'." Essentially, instead of devoting time and resources to preventing a breach from ever happening in the first place, which Wells argues is impossible in this day and age where every bit of information is so inter-connected and interdependent, cyber-security should be focusing on minimizing the overall loss of data by a breach by compartmentalizing and encrypting smaller segments of data within their database, allowing hackers to only access the specific segment of data that they had managed to break into.

Another option to improve the security of our databases, however obvious it may sound, is to simply increase the resources and time allocated to increasing cyber-security. TalkTalk chief executive Dido Harding views cybersecurity as "the number one risk" in their industry and admits that she "should be spending more time and money on it." It's easy to put off cyber-security as an important issue when everything seems fine and dandy, but it's only when huge data breaches like these happen that it's revealed just how weak the defenses protecting our most valuable information are. Until more national gov't attention is devoted to this topic and they begin to view it as a very real and dangerous risk, I'm not sure how much the IRS can do on it's own. This is a problem that encompasses more than just their department, it affects all areas of gov't that relies on communications and electronics. In other words - basically everything.

Crystal Lee said...

I agree with the way Jeff presented the problem in his commen: with the digitization of a lot of sensitive information, cyber-security has become hugely important.

Also, I cannot believe that the IRS had such a huge security hole that allowed private records to be accessed with a button. Best-case scenario, there was a hole in the code, a vulnerability, that allowed hackers to get in through that button. Worst-case scenario, the button literally, and without much effort, gave hackers access to all that private information.

I think both of the approaches Jeff mentioned are important. However, I think there would have to be some serious oversight there with the spending of the cybersecurity funds, not only which companies the funds might go to to produce higher security, but also efficient use of the spending and making it sure it really does all go towards cybersecurity, and not anything else.

However, with an election looming, will this be a large, or even vaguely significant, issue? Perhaps it would supplement Donald Trump's desire to abolish the IRS, but other than that...I'm not sure we'll see much progress on this issue.