Posts Tagged ‘business security’

Hackers Target IRS – 100,000 Taxpayer Accounts Breached

Wednesday, May 27th, 2015
Hackers Target IRS – 100,000 Taxpayer Accounts Breached - Rea & Associates - Ohio CPA Firm

Reports state that cyber-criminals were able to gain access to taxpayer accounts by obtaining specific, personal information, which allowed them to navigate the Get Transcript authentication process. The IRS said, since February, there have been about 200,000 attempts to access taxpayer’s Get Transcript accounts from “questionable email domains – of which, about 100,000 were successful.

Just when you thought it was safe to let your guard down, cyber-criminals have blindsided us again. This time they’ve used the Internal Revenue Service’s “Get Transcript” application to gain access to approximately 100,000 taxpayer accounts.

Read: Could A Cyber-Attack Cripple Your Business In 2015?

The IRS released a statement Tuesday stating the government agency is “working aggressively to protect affected taxpayers and strengthen [their] protocols even further going forward,” after learning that hackers used “non-IRS sources” to access data, including Social Security information, dates of birth and street addresses associated with the accounts of nearly 100,000 taxpayers. The IRS said the security breach occurred when criminals gained access to its online Get Transcript application, which has since been shut down pending a full investigation by the Treasury Inspector General for Tax Administration.

According to the IRS, “the online application will remain disabled until the IRS makes modifications and further strengthens security for it.”

The data breach was limited to the Get Transcript application, said an IRS representative. The main IRS computer system that manages tax filing submissions was not affected and remains secure.

Reports state that the criminals were able to gain access to the accounts by obtaining information specific to the certain taxpayers, which allowed them to navigate the Get Transcript authentication process, which includes asking the user to answer several personal questions to confirm their identity. The IRS said, since February, there have been about 200,000 attempts to access taxpayer’s Get Transcript accounts from “questionable email domains – of which, about 100,000 were successful.

Expect to receive a letter in the mail if your account was one of the 200,000 accounts targeted. And if your account was one of those that were compromised, your letter will provide additional information, including specific instructions to access free credit monitoring services that will be provided by the IRS to ensure your data is not being used in other financially damaging ways. According to the IRS, the letters started going out this week.

Concerned about identity theft as a result of this breach? Click here to learn what to do if your identity is stolen or if your personal information is compromised.

If you are a business owner, do you have protocols in place to protect your business from a cybercriminal?Email Rea & Associates to learn how you can protect your business from a cyberattack. You can also get some useful tips and information in the related articles below.

By Lesley Mast, CPA (Wooster office)

 

Related Articles 

How Much Is Your Data Worth To Criminals?
When Scammers Demand That You Pay Up, IRS Says You Should Hang Up
8 Tips For Crafting A Strong Password
How Do You Protect Yourself From Identity Theft?

Share Button

How Can Heartbleed Affect You and Your Business’s Online Identity?

Friday, April 11th, 2014

The Internet is a powerful tool – something that can make our lives (and businesses) easier. But it also can be our worst nightmare at times. If you keep up on the news, you may recall within the past few days hearing something about “Heartbleed.” No, this isn’t the name of a new rock-n-roll band. It’s the latest threat to your security on the Internet. News sites started reporting on this newest Internet threat earlier this week. But as more and more has become known about this Internet defect, it’s becoming clear that everyone with an online identity needs to be concerned about it.

Heartbleed is an exploit that basically allows malicious users to run a tool that will gain them access to a Web server and provide them with usernames and password from that server. What can this defect potentially affect? Every website on the Internet. Bank websites, social media sites, online merchant sites … the list goes on.

Within the past couple days, a Heartbleed defect was discovered that allows hackers to access chunks of a server’s memory that could contain Personally Identifiable Information (PII). Sites that integrate a Secure-Socket Layer (SSL) encryption certificate are now at risk of this new defect.

Steps For Protecting Your Online Identity

So what should you do to protect you and your business from this risk? Follow these steps:

  1. Take inventory of all of your online accounts and make a list of your accounts.
  2. Before changing your online passwords, contact the businesses of any accounts that may have SSL certificates to ensure that the company has issued new certificates. To check the “grade” of an SSL-secured site, you can visit Qualys SSL Labs website and input the URL of the site you’re checking. Sites are graded (A through F) on how secure they actual are.
  3. Change your passwords for each of your online accounts.
  4. Clear your Web browsers’ cache, cookies and history. Check out this ZDNet article for step-by-step instructions on how to do this.
  5. Closely monitor your bank and credit card statements to make sure there’s no unusual or suspect activity.
  6. If you receive emails or other online communication that promises a solution to your Heartbleed woes, don’t buy it. These communications are more than likely spam connected to dangerous malware or pointing you to malware. Heartbleed is a very complex online security threat, and there’s not a simple, quick fix for it.

Need Advice On Protecting Your Online Identity?

Following the steps outlined above will hopefully help lessen your chances of becoming a victim of identity theft and fraud. If you have questions or need additional guidance on how to protect your business, contact our IT audit professionals at Rea & Associates.

Author: Brian Garland, CPA (Dublin office)

 

Looking for other blog posts about protecting your business’s online identity? Check these posts out:

Do You Know Who Has Access To Your IT Network?

How Can I Protect My Business From A Data Security Breach?

How Can You Prepare For The Retirement of Microsoft Windows XP?

 

Share Button