Somebody tried to hack into the IRS last month, but don’t worry because the tax man caught them. Nice!
Hot on the heels of a very public outage that may or may not have been a hacker, the US Internal Revenue Service (IRS) sent out a press release explaining that somebody else attempted to break into their taxpayer database in January. The release states boldly that the agency “identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov”. Confusingly, it also states that IRS “identified unauthorised attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an E-file PIN”. Where the would-be hacker got all those social security numbers is unclear. But the most important thing, emphasis ours:
No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application.
So if Americans get a random letter from the IRS telling the that an unnamed hacker has their social security number, there’s not much they can do about it. It’s entirely possible that the stolen data being used to hack into the IRS was the same data that was stolen from the IRS in 2015. But hey, at least the IRS is halting the hackers who maybe already hacked them. That’s a welcome break from the agency’s tradition of super shitty cybersecurity.