Hackers stole 101,000 taxpayers' logins/passwords from the IRS

Amazingly, this is an improvement on last year, when hackers took 300,000 taxpayers' records from the IRS.

The identity thieves leveraged data from other breaches to automate the impersonation of taxpayers to the IRS's servers, making 464,000 attempts and succeeding 101,000 times.

No personal information was obtained from the IRS systems. Agency officials are flagging the accounts of all affected taxpayers and plan to notify them by mail of the incident. The IRS is also working with other government agencies and industry partners to investigate the hack or stem its effects. The hack occurred last month.

The breach underscores just how easy it is for attackers to dredge up personal information for huge numbers of people. With the recent compromises of the US Office of Personnel Management and health insurers Anthem, Premera, CareFirst, and Excellus—to name just a small sampling—it's easy to see how a breach on one organization can provide hackers with enough raw data to compromise millions of accounts housed with unrelated organizations.

IRS website attack nets e-filing credentials for 101,000 taxpayers
[Dan Goodin/Ars Technica]

IRS Statement on E-filing PIN

(Image:
IRS 1040 Tax Form Being Filled Out, Ken Teegardin, CC-BY-SA)