WASHINGTON—The hacking at the Internal Revenue Service is different from the kinds of breaches that have taken place at various retailers due to how it occurred and the fact its repercussions may last for years, according to analysts.
The IRS has confirmed that data on nearly 100,000 Americans has been obtained by hackers who have, in turn, sought to gain up to $50 million in fraudulent tax refunds. Experts expect the hackers will attempt to defraud taxpayers in years to come, and they will likely also look to trick those same taxpayer’s into helping them get around the IRS’ security filters in the future.
“This breach is not just about what this single group is going to do with the information, but what happens when this information gets sold on the black market,” Peter Warren Singer, the author of “Cybersecurity and Cyberwar: What Everyone Needs to Know,” told the New York Times. “It’s rare for the actual attackers to turn the information directly into money. They’re stealing the data and selling it off to other people.”
In the most recent tax filing season, TurboTax, for instance, temporarily halted electronic filing of state tax returns after seeing an increase in attempts to use stolen information to file fraudulent returns to claim tax refunds.
In the IRS case, its computers weren’t actually breached. Instead, the criminals already had individuals’ Social Security numbers and other personally identifiable data. They then used that information to attempt to access filers’ returns using an application on the IRS website.
Without more information about the individuals who were targeted, it is hard to know the endgame, Marc Goodman, the author of “Future Crimes,” told the New York Times.