Hacked Equifax Hired by IRS

Hackers Were Able to Obtain: Names, Birthdays, Addresses, SS #s, Drivers Licenses & Credit Card #s

Yes you read that right.  The IRS plans to go forward with hiring Equifax to verify and validate taxpayer identities in the wake of their massive systems breach.  If you missed the news (because apparently the IRS did), hackers were able to obtain confidential financial information—including social security numbers—of 145 million users; which now equates to the largest US data breach in history.

Outraged by the IRS’s decision to hire Equifax, some members of Congress spoke out including Senate Finance Chairman Orrin Hatch (R-Utah). He recently told Politico:

 “In the wake of one of the most massive data breaches in a decade, it’s irresponsible for the IRS to turn over millions in taxpayer dollars to a company that has yet to offer a succinct answer on how at least 145 million Americans had personally identifiable information exposed.”

The IRS continues to defends it’s choice, stating that the service Equifax was hired for will not put U.S. taxpayers personal information at risk.  They will, however, keep a watchful eye on their new hire.

If you have been affect and/or would like to find out if your were affected by Equifax’s breach you can do so by clicking here.  However, we advise caution before using services to ascertain Equifax exposure.  According to the terms and conditions, users that access Equifax’s systems to determine if their information was compromised are voluntarily giving up their rights to sue and/or join class action lawsuits against Equifax.

If you would like more information about this breach or would like to to speak to an R&G Brenner professional, contact us toll free at (888) APRIL-15 or via web by clicking here.


IRS Lacks Adequate Data Protections

IRS' Network At Risk

The IRS has failed to implement key components of its information security program, potentially putting at risk sensitive agency and taxpayer data, according to the federal government’s top watchdog.

A report from the Government Accountability Office released Friday concludes that IRS computer systems used to process financial and taxpayer data are subject to “control weaknesses” that could “jeopardize the confidentiality, integrity and availability of the financial and sensitive taxpayer information processed by IRS’s systems.”

Specifically, the GAO noted that the IRS has not consistently put security controls in place to monitor actions on its computer systems, identify and authenticate users and ensure that sensitive data is encrypted while in transit. The report also said that outdated and unsupported software continues to expose the IRS to “known vulnerabilities and shortcomings in performing system backup place the availability of data at risk.”

“Considered collectively, these deficiencies … along with a lack of fully effective compensating and mitigating controls, impair IRS’s ability to ensure that its financial and taxpayer information is secure from internal threats,” the report said.

The IRS uses computerized systems to support the processing, storage and transmission of critical financial and taxpayer information. To manage that information, the IRS maintains enterprise data centers in Michigan, West Virginia and Tennessee.

Federal watchdogs conducted audits at all three locations. They also reviewed key IRS security policies and interviewed agency officials during fiscal years 2011 and 2010.

The GAO noted that the IRS has established a framework for a comprehensive information security program, and has even made strides in addressing security deficiencies. That includes the creation of working groups to “identify and remediate specific at-risk control areas.” However, the report notes that the IRS has still hasn’t fully implemented the program.

The GAO recommended that the IRS take six specific actions to help put the security program in place, including improvements to the agency’s continuous monitoring process. The GAO also said it is recommending an additional 23 steps in a separate report to” correct newly identified control weaknesses.”

The IRS, in a response to the GAO report, agreed to develop a detailed corrective action plan to address each recommendation.