Not whoops for the article, we all expect that sort of thing but Oops looks like I am first on. Better not mess it up. I just wondered if the IIRS can be sued. I gather the US government can choose.
The US Internal Revenue Service (IRS) has admitted that its problem with "Get transcript" scammers is much worse than first thought – over seven times as bad to be precise. In May of 2015, the IRS reported that around 100,000 people had had their tax returns and income forms sent out to criminals who gamed its "Get transcript …
There was a heart surgeon at one hospital that killed several dozen patients and, finally!, a magistrate judge let a suit for malpractice to proceed. Mind you, this same surgeon was operating on Congress critters and veterans for years. I was really surprised it took so long.
I have a medical team at the local VA hospital here and one of their first recommendations was suing the US Navy for malpractice and wrongful termination, and then the Veteran's Administration itself for malpractice. I'm not made of money and the only way you can go ahead on such a suit is to find a greedy enough lawyer, willing to stick to the case, and willing to play the magistrate judge lottery. I thinks it fairly obvious that I haven't found one yet. Gave up long ago.
Looking at the privacy notice booklet that they send fairly regularly, the only people that don't have immediate access is the general public. Anyone even vaguely official already does. Some privacy.
[Which is why I don't give a shit about privacy. Now access to my devices? I get into radical frothing at the mouth mode around that.]
Isn't this the expected outcome of all the accumulated breaches of personal information over the past few years? Any given set of "are you the person you say you are" questions will likely have answers "out there on the netz". The IRS set up a front-end that checked for "is it you" stupidly, and then they gave out even more personal information.
There is no set of online questions that is proof against the aggregated 'private' information 'stolen' from all the idiot corporate/government databases. I say 'none', ever, because if the IRS should now add requiring your grandmother's blood type and shoe size, they would store that somewhere, it would get lifted sometime, and rinse-repeat...
Can we at least give up on "the security of your private information is important to us" vs. the far simpler "we lost your shit, so we lost the company and our jobs, and yes your shit is for sale but our names are on the free publicly accessible wall-of-shame site www.footgun.org" ?
BTW: Is footgun.org really available? Damn!
the real criminals (congress) have their bank accounts drained - including the hidden ones overseas.
Seriously(?), if the other crooks can get this far into the govmint's pants, I assume that pretty soon they'll be transferring the few bars of real gold left in Fort Knox to some other home. Maybe they can even infiltrate the fake money-making apparatus of the Federal Reserve.
I was actually mesmerized by the fact that someone got the IRS computers to cough up so much in a reasonable period of time. It had to be done electronically and I seriously doubt it was just the world facing computers involved in the process. Those puppies are seriously lagged. Or was that they were seriously lagged the indicator that they'd been breached?
"Inquiring minds want to know."
Excellent point. On the hatred level, they're all in close competition. What the IRS does lead on by leaps and bounds is FEAR. Even more than the tin foil hat conspiracy theories about disappearing people, when the IRS comes for you it's guilty until you can prove yourself innocent, with the interest meter running the whole time. Nobody knows anybody who has been "disappeared". Everybody knows at least one person who has been screwed by the IRS.
If I read the article correctly, fraudsters were able to scam the irs system by using personal identifiable information of the account holder. That means to me that unhappiness should be pointed that we have 700k+ with compromised pii, and that with added transcripts from the irs, it adds an additional pii on this 700k+, and to me, means the 700k+ has much higher chance of credit issues and worse.
I expect part of the problem is that it is so much easier to crack these thing than people think. Let's assume your name really was Web Head. So I run an address look up on your name. Now I have, if not your address, at least the address of several people with the same name. I can also easily find your phone number. Now I can check farcebook, twatter, and a few other places to find likes and dislikes, maybe even the name of your favorite pet. If you're a prolific poster I can probably find the names of you favorite movies. Favorite color? Pish! What are the odds it isn't part of ROYGBIV? I mean really, how many people will put in chartreuse as their favorite color? (I would but I can't remember how to spell it and need to look it up, which makes it unworkable for me.)
Yeah, not half as hard as people think. And with 150 million filing returns, it's a target rich environment. You don't have to have a 50% success rate, even 2% will yield a lot of data.
Biting the hand that feeds IT © 1998–2020