The Canada Revenue Agency (CRA), shut its website down mid-way through the 2014 tax filing season due to the Heartbleed virus. The CRA was fast to react and pull their services down very quickly, so hackers were only able to obtain approximately 900 Social Insurance Numbers in a data breach that lasted 6 hours.
Early last month the Internal Revenue Service (IRS) confirmed that its systems had endured another cyber attack. Approximately 464,000 unique Social Security Numbers were involved and attackers successfully gained access to 101,000 e-file Pins … which can be used to file fraudulent electronic tax returns.
This most recent attack echoes a massive breach last year where hackers stole information from the IRS systems, affecting 330,000 taxpayers and diverted $50 million in federal funds for fraudulent returns. The IRS admits there is a problem and that it’s growing quickly. Tax return fraud losses in the US are expected to hit 21 billion by the end of 2016, up from 6.5 billion just 2 years ago.
Thanks in part to the convenience and popularity of paperless e-filing, this type of scheme where criminals steal the means to craft and/or pass bogus transactions is easier to pull off than ever before. After stealing credentials to file returns electronically, all a criminal needs is some Personally Identifiable Information (PII) and they can invent income or remittance records, submit a falsified claim and receive a refund by mail or direct deposit within a few weeks.
For the individual involved, once PII has been stolen, the recovery process to confirm your identity can be exhausting. Once PII is in the wild, thieves can use it to obtain credit cards, take out loans and mortgages or rack up any form of credit they can get their hands on … all in someone else’s name … leaving the unsuspecting victim holding the bag and spending hours trying to clean up the mess after the fact.
The financial impact of fraudulent returns ultimately falls on the respective government bodies and because each body resides in different jurisdictions, there isn’t any single cure-all solution that can help stop the epidemic. Firewalls, encryption and intrusion detection mechanisms are widely used together as part of a layered approach to security, where each strata reinforces the last. Incorporating such overlap or redundancy is a common element of any hardening strategy, because once a hacker finds a gap and pokes a hole in your security perimeter, the door is open for intruders to gain more dangerous access.
This is precisely why we developed DataStealth … so that when attackers breach a security perimeter, there is no private or confidential information to steal. With DataStealth, intruders cannot steal what is not there. Traditionally, data security has focused on preventing a perimeter breach … but that strategy is clearly no longer effective. A data security solution like DataStealth protects private and confidential data and documents by removing it from the equation.
Want to know how to protect your website from vulnerabilities without sacrificing performance?
Click Here to learn more