Forbes.com 

The IRS has filed an amended statement on the ‘Get Transcript’ hack — which reports that 700,000 U.S. taxpayer accounts were accessed or targeted, and 47 million transcripts have been ordered to date.

In January 2014, Get Transcript launched on the IRS website. The application enabled taxpayers to view and download their transcript or order previous years of tax filing information.

On May 26, 2015, the IRS announced it had discovered that cyber criminals — using taxpayer information stolen elsewhere — accessed the Get Transcript application on IRS.gov. The IRS identified approximately 225,000 taxpayers whose transcripts had been accessed or targeted. In August 2015, the IRS announced it had identified approximately 390,000 additional taxpayer transcripts which had been access or targeted – which brought the total number of hacked accounts to 615,000.

The Treasury Inspector General for Tax Administration conducted a nine-month long investigation looking back to the launch of the application in January 2014 for additional suspicious activity – which led to the amended reporting of approximately 700,000 hacked accounts to date.

The IRS is notifying the hacked taxpayers by mail — informing that they have been victims and cyber thieves may have their personal information, and providing guidance.

“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”

The online viewing and download feature of “Get Transcript” has been suspended since May 2015. The IRS is working to restore that part of the service with enhanced security to protect taxpayer identities.

Post-hack reporting by the U.S. government usually gets worse over time. When OPM was hacked, the first reported numbers indicated four million people had their personal information exposed. The final tally was nearly 22 million.

The IRS has filed an amended statement on the ‘Get Transcript’ hack — which reports that 700,000 U.S. taxpayer accounts were accessed or targeted, and 47 million transcripts have been ordered to date.

In January 2014, Get Transcript launched on the IRS website. The application enabled taxpayers to view and download their transcript or order previous years of tax filing information.

On May 26, 2015, the IRS announced it had discovered that cyber criminals — using taxpayer information stolen elsewhere — accessed the Get Transcript application on IRS.gov. The IRS identified approximately 225,000 taxpayers whose transcripts had been accessed or targeted. In August 2015, the IRS announced it had identified approximately 390,000 additional taxpayer transcripts which had been access or targeted – which brought the total number of hacked accounts to 615,000.

The Treasury Inspector General for Tax Administration conducted a nine-month long investigation looking back to the launch of the application in January 2014 for additional suspicious activity – which led to the amended reporting of approximately 700,000 hacked accounts to date.

The IRS is notifying the hacked taxpayers by mail — informing that they have been victims and cyber thieves may have their personal information, and providing guidance.

“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”

The online viewing and download feature of “Get Transcript” has been suspended since May 2015. The IRS is working to restore that part of the service with enhanced security to protect taxpayer identities.

Post-hack reporting by the U.S. government usually gets worse over time. When OPM was hacked, the first reported numbers indicated four million people had their personal information exposed. The final tally was nearly 22 million.

Steve Jobs understood what people want. His insistence on making hard things easier — for instance, using a personal computer — was an essential part of the Apple success story. Apple CEO Tim Cook has been doing the same thing — but now the “hard thing” is privacy and encryption.

Apple has consistently earned top marks for its privacy and data security policies. That said, since the San Bernardino shooting, which left 14 dead and 22 seriously injured, the company’s privacy-first approach has been experiencing a sort of baptism by fire.

Much debate has arisen around the encryption on San Bernardino shooter Syed Rizwan Farook’s iPhone 5C. Shortly after the shooting, the iCloud password associated with Farook’s phone was reset by a law enforcement officer attempting to gather information.

The snafu purportedly eliminated the opportunity for any information on the phone to auto backup onto the cloud when the device was used on a recognized Wi-Fi network. This information could have then been retrieved.

According to ABC News, the last time Farook’s phone had been backed up was Oct. 19, 2015 — a month and a half before the attack. According to court documents, this fact suggested, “Farook may have disabled the automatic iCloud backup function to hide evidence.”

Apple provided the FBI with the iCloud backups prior to Oct. 19. But the government wanted access to the phone, at least partially to discern if Farook had any terrorist ties. And, to get to it, the FBI asked Apple to reverse a feature that erases an iPhone’s data after 10 failed attempts to unlock it. If Apple did so, the government could use software to guess Farook’s passcode.

The FBI argued its reset of Farook’s password should not prevent Apple from honoring this request.

“It is unknown whether an additional iCloud backup of the phone after that date — if one had been technically possible — would have yielded any data,” the agency said in a statement. “Direct data extraction from an iOS device often provides more data than an iCloud backup contains.”

And, last week, a federal court ordered Apple to develop a custom iOS so the FBI could gain access to the phone. Apple is refusing to comply with the court order.

“Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” CEO Tim Cook said in an open letter to Apple customers. “And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

What’s at Stake

Consumer awareness around privacy and encryption has gained traction, following Edward Snowden’s revelations regarding the scope of government surveillance practices at the National Security Agency. Still, the public’s response to Apple’s current plight remains divided.

While some pundits, commentators and high-profile figures have argued the FBI should be able to access phone records in cases where national security may be at risk, others have come to Cook’s defense, arguing he is right to protect Apple customers. I, too, believe he is right to stand his ground here. In an environment where many companies would allow law enforcement to access private information, Apple is standing up for consumers and suggesting they can no longer tolerate routine incursions into their private lives — whether the so-called trespassers hail from the halls of government or invade in the interest of commerce.

To create an iOS or any other kind of backdoor into a personal device creates moral hazard. The potato chip theory applies to law enforcement and the erosion of the constitutional rights guaranteed to all U.S. citizens. One potato chip leads to another, and it’s hard to stop eating them. In the same way, one legal mulligan leads to another.

There has to be a point in the evolution of consumer privacy (or its disintegration) where we can no longer lower our standards as fast as our situation is deteriorating. When it comes to our privacy we really have to stand firm — and Tim Cook is doing that.

Executive Director of the Privacy and Big Data Institute at Ryerson University Ann Cavoukian long ago coined the phrase “Privacy by Design” to describe what’s starting to happen in the U.S. marketplace. Her theory was that consumers will start shopping for the best deals on their privacy — the less personal information required by a potential service or product, the more appealing it will be to the consumer.

So in that regard, the Justice Department is right to suggest, as it did last week that Apple is trying to protect its “public brand marketing strategy.” But in this instance, the strategy is consumer advocacy — nothing more or less. Privacy is not a brand. It is a right. And, contrary to popular belief, it’s no longer particularly hard, either. Apple’s strategy is to provide a useable product that is safe — and protects users against a potential war on their privacy.

This story, which originally appeared as an Op/Ed contribution on Credit.com, does not necessarily represent the views of the company or its partners.

 

Filers beware: There’s a good chance there’s a tax scam email in your inbox.

According to the Internal Revenue Service, there’s been an approximate 400% surge in phishing and malware incidents so far this tax season. In other words, plenty of thieves are currently sending out texts and emails under the guise of the IRS or other tax industry players this year. These messages are an attempt to steal personal information or data related to your tax refunds, filing status, transcripts and/or PIN information either directly or through malware that gets downloaded onto your computer when you click on infected links. The information can be used to file false tax returns.

“Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes,” IRS Commissioner John Koskinen said in a consumer alert re-issued earlier this week. “We urge people not to click on these emails.”

Tax Fraud on the Rise

The IRS’s findings aren’t exactly surprising. The agency announced earlier this year that it’s anticipating $21 billion in tax refund fraud this year. And, just this month, Intuit warned consumers that a fake TurboTax email was making the rounds. Still, the stats should inspire everyone to be a little more careful about what they click on this tax season. Per the agency’s latest consumer alert:

  • There were 1,026 incidents reported in January, up from 254 from a year earlier.
  • The trend continued in February, nearly doubling the reported number of incidents compared to a year ago. In all, 363 incidents were reported from Feb. 1 to Feb. 16, compared to the 201 incidents reported for the entire month of February 2015.
  • This year’s 1,389 incidents have already topped the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.

How to Spot a Tax Scam Email

Fortunately, there are a few simple ways to spot a tax scam email. For starters, be extremely skeptical of any emails purportedly from the IRS. The agency says it generally does not initiate contact with taxpayers by email regarding personal or financial information. Be similarly wary of emails that ask you to update important tax information by clicking on a link. (Recent scam emails the IRS has come across included the subject lines referencing “Get my E-file Pin”, “Order a transcript” and “Get my IP Pin”.) And look for typos or misspellings in the body of the message — they’re a big sign something is amiss.

If you do receive a shady email, refrain from clicking on any line and, instead, forward it to phishing@irs.gov.

Remember, filing your taxes as early as possible is the best way to minimize the odds of falling victim to taxpayer identity theft. But, if you have reason to believe your personal information was compromised, you should keep an eye on your credit. A sudden drop in credit scores is a sign your identity has been stolen. You can monitor your standing by viewing your two free credit scores each month on Credit.com.

This article originally appeared on Credit.com.

 
Matt Cullina is the CEO of IDT911, the provider partner for FreedomID's fraud resolution services. Matt comments on the recent trends regarding identity theft targeting the wealthy.

Read More

By 

Published September 16, 2015

Courtesy of FoxNews.com

A private industry IT security firm tells Fox News that personal data stolen over the span of several high-profile U.S. cyber breaches is being indexed by China's intelligence service into a massive Facebook-like network.

According to CrowdStrike founder Dmitri Alperovitch, Chinese hackers are using information gained from the breaches of the U.S. Office of Personnel Management, as well as intrusions into the Anthem and CareFirst BlueCross BlueShield health insurance networks, to build a complete profile of federal employees in what the company calls a "Facebook of Everything."

"That can now be used to embarrass you publicly and force you to work for the Chinese government," Alperovitch told Fox News. "It's, in effect, a private version of Facebook with much more detail about your life than even Facebook has that the Chinese now have access to." Current and former intelligence officials echoed the assessment.

As Fox News has reported, the most sensitive information stolen in the OPM breach was lifted from what is known as the Standard Form 86, or SF-86. The 127-page security clearance application is essentially a road map to your life. It contains highly detailed information on everything from where an applicant lived and worked, to personal references, family members, friends and associates, as well as drug history and intimate health information.

What's startling is the fact that virtually all government employees and contractors who hold the top echelon of U.S. security clearances were impacted by the OPM breach, even the Director of the FBI. James Comey joked at an intelligence and national security summit last week that had his SF-86 been stored in a strongly encrypted database "maybe someone wouldn't be reading it today."

According to a law enforcement source close to the OPM investigation, the scope of the data stolen in the breach makes this a "generational problem." Fox News is told that the big worry among those in the Intelligence Community is the possibility that applicants’ associates, friends and family will be impacted. Of particular concern, according to this source, is the likelihood that information on applicants’ children could be leveraged against them down the road.

Specifically, cybersecurity experts warn that this stolen information may be used for blackmailing and targeting of applicants’ children.

“To try to get them to reveal some information about their parent’s work and use that, eventually, for espionage activities,” Alperovitch explained to Fox News. “Information that has been collected about them may be used decades later.”

There is much concern among victims over the government’s response to the cyberattack, which left sensitive information on some 21.5 million individuals compromised. An intelligence source close to the OPM investigation tells Fox News that this is not an issue that can be fixed with merely a few years of credit monitoring – referring to the government’s current program that offers victims and their dependents credit and identity theft monitoring services free of charge.

While refusing to delve too far into specifics, Pentagon press secretary Peter Cook on Tuesday acknowledged the severity of the lingering vulnerabilities associated with the breach and offered assurances that the government is working vigorously to mend the damage.

“This is going to be a wide-ranging effort on the part of the federal government to try and address this," Cook told reporters at a press briefing.

Fox News’ Lucas Tomlinson contributed to this report

Matthew Dean (@MattFirewall) is Fox News' Department of Justice & Federal Law Enforcement producer. He is also the co-host of FoxBusiness.com's Firewall.