Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Government Privacy Crime Security United States Politics

'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS (thehill.com) 105

An anonymous reader quotes a report from The Hill: The IRS does not expect the Equifax data breach to have a major effect on the upcoming tax filing season, Commissioner John Koskinen said Tuesday, adding that the agency believes a "significant" number of the victims already had their information stolen by cyber criminals. "We actually think that it won't make any significantly or noticeable difference," Koskinen told reporters during a briefing on the agency's data security efforts. "Our estimate is a significant percent of those taxpayers already had their information in the hands of criminals." The IRS estimates that more than 100 million Americans have had their personally identifiable information stolen by criminal hackers, he said.

The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."

This discussion has been archived. No new comments can be posted.

'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS

Comments Filter:
  • ...cuz it's already been stolen. These are the same guys that tax civil forfeiture.

    --
    "Throw all the tea over!" -- Ben Franklin

    • by Anonymous Coward

      I don't know about most of you but I've shared most my information on a very limited need to know basis. It's extremely unlikely most of my information was stolen prior to this idiotic event. Sure, some companies had some mailing addresses and credit card numbers but very few had everything together or my SSN. Now these idiots handed a consolidated version of it over and as usual there's no real repercussions. When will citizens of this country finally get upset enough to take action against this garbage an

      • by Anonymous Coward

        1 - allow all that personal info used to authenticate you to be stolen.

        2 - everyone's tax returns get stolen (likely by intelligence agencies to fill their black fund pools).

        3 - solve the problem with a universal chip-based token system (some smart card) for use with all government activities

        4 - expand that to solve other identification "problems"

        5 - replace cash with a government account linked to your universal ID

        etc. etc. etc.

        It always starts with the fear.

    • by PPH ( 736903 ) on Tuesday October 17, 2017 @08:44PM (#55387261)

      ... a virgin. So a bit of rape won't really matter.

      Just hold still.

  • When asked for clarification, they responded "Everything is screwed anyways, so who cares!"

    • by whoever57 ( 658626 ) on Tuesday October 17, 2017 @06:49PM (#55386767) Journal

      Don't worry, there are posters here who will find a way to blame the breach on "government" and continue to claim that governments can do nothing right, while applauding big companies for whatever they do, good or bad.

      • by gtall ( 79522 )

        I too get a bit irritated about the "government" talk. When some one commits murder, do we say his/her family committed the murder? No, and the government is not some monolithic entity, it has many moving parts. The reason is because that's what Americans have demanded government do, and what companies have managed to sneak in to government functions. The Reagan push to "privatize" government made the problem worse.

    • I translated this as: "We give up - every person for themselves!"
  • by Anonymous Coward

    Does it make it suddenly better.. or more OK.. that there were multiple companies that were so lax in security to release information to the bad guys? Is this an attempt at an "out" for Equifax? Can the IRS provide unequivocal facts proving that the Equifax breach had a "significant" overlap with previous breaches?

    I mean come on. The IRS just nuked Equifax's contract is this supposed to make them feel a little bit better?

    There is no "acceptable" release of information from a security breach.

  • That's the best they can do?

  • >"'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS"

    Then what would the IRS have possibly gained by trying to use Equifax's services to help prevent fraud?

    Or perhaps this is code for "don't look at the man behind the curtain" or "oh, don't worry, we got ya covered anyway" or "see, none of this really mattered anyway, so let's not talk about security or misuse of the SSN as a universal ID number anymore." So many possibilities. Yeesh

  • "assume" their data is already in the hands of criminals and "act accordingly."

    ...And do what exactly? Burn our current identity and get a new one out of the bag that we have hidden in a locker at the bus station? Whee, I am now Raoul Yankinov now, bricklayer from New Jersey!

    If the government is going to hoard PI and not defend it with ICE and brutal cyber crime laws, they better come up with a better fucking plan 'b' for when they worked over by everyone on the Internet who can write a script.
    • Well, previous advice was to "file early."

      Not that you can file faster than a bot polling from your payroll data...

  • by aberglas ( 991072 ) on Tuesday October 17, 2017 @06:49PM (#55386779)

    That is what they do. And sell the information to anyone who'll pay.

    And the people of America think that is a good idea.

    The data leaks just mean that some people are getting the data for free.

    • Earwaxes response: Whahh!! I don't want to spend the money on security. I want to keep it. Whahh!!
    • by gtall ( 79522 )

      The people of American never go to vote on whether someone collecting and creating honey pots for criminals and "product" to sell regarding information. Government cannot be expected to be immediately on top of every stupid thing companies do. The right claims too much government interference (as long as it doesn't involve religion what whatever Trump is wanking off on these days), the left wants an authoritarian dictatorship which will punish every micro-aggression which they get to define.

  • by Anonymous Coward

    I have been part of the Anthem, Yahoo!, Equifax, and few other data breaches.

    Getting the "Your data has been stolen and we're giving you free identity protection" letters has become routine for me.

    THEN I call the 800 number on my credit report and I get some foreigner. When I ask where are they, I get "We cannot disclose that for security reasons." bullshit.

    So, _I_ have to disclose all my personal data to someone in some god knows where country to get customer service and _I_, the customer, cannot know tha

  • Three times in the last few months I've found that some company I once bought an item or service from has kept my credit card details "on file" just in case I fail to pay for subsequent purchases. They never asked permission, which would have been denied, but how can I stop them? I told each of them that single action has resulted in my never doing business with them again. These are businesses that have only a few employees, no chance of an IT person, let alone an actual security policy nor any idea what "

    • There really should be big fines on this sort of irresponsible collection of sensitive data.

      This would have an unintended consequence of giving companies an even greater incentive to cover up security breaches. They only have to pay the fine if they get caught.

      • There really should be big fines on this sort of irresponsible collection of sensitive data.

        This would have an unintended consequence of giving companies an even greater incentive to cover up security breaches. They only have to pay the fine if they get caught.

        Make the fine ten times larger if they don't come forth in a timely fashion and admit it themselves. Hand 1/10 of the fine to the whistleblower.

    • Use Visa gift cards for online purchases. Even with the refillable ones the cost of trashing one and getting another is very low.
  • The IRS knows that half that US taxpayers just got hacked, and 1/3 were already hacked. What are they doing to avoid giving refunds to the wrong parties? What are they doing to establish a new secure authentication/identification system that hasn't been hacked? What are they doing in any way, shape, or form?

    The answer to all these is NOTHING.

    The IRS has the responsibility of collecting operating funds for the largest most affluent government in the world... and instead of securing their clients, securing

    • Is there any part of this Administration that can sink any lower?

      This can't be the first time you've asked that. Have you not learned that they're more than happy to answer? PLEASE, stop asking!

    • You have a very odd idea as to what being "affluent" is. The Federal government owes more than $225 trillion which includes $205 trillion in unfunded liabilities that Congress has unconstituionally spent without making any provision to pay.

      It seems you think debt == affluence, and the more debt you have the richer you are.

      The US is bankrupt. If the government lowered spending enough to start paying off what we owe at $1 trillion a year it would take more than 2 centuries to get us out of debt, even if we

      • I generally agree with your sentiment, but your individual debt figure is off by over an order of magnitude. The debt per citizen is a bit over $62K, while the debt per taxpayer is over $168K.

        Source: http://www.usdebtclock.org/ [usdebtclock.org]

        Also, I'm not sure how you figure deficit spending is "unconstitutional". The US does not have a balance budget amendment.

    • by gtall ( 79522 )

      In order for the IRS to create a new secure/authentication system, they need a bill passed in Congress and signed by What's-His-Name telling them to do this. More importantly, they need an yearly appropriation for x years giving them the money to do this. This should take what, a couple-O-weeks on your time scale?

      An alternative to producing said system in house, which I might add would require staffing and buying machines to produce said system, is to turn the effort over to private industry...presuming the

    • by Daetrin ( 576516 )

      This is not surprising seeing as the IRS is part of the Administration of He Who Shall Not Be Named Responsible.

      I'm actually unsure which administration you're trying to blame for this problem, but the IRS has been around for over a century and a half, there's not really much about it that you can blame on a single administration, or even a single party.

      The problem is that we, as a country and quite possibly as a species, just can't math. Or rather we can math, but we then throw it all out the window as soon as emotions get involved.

      We've spent trillions of dollars and thousands of lives on wars and military act

    • by HiThere ( 15173 )

      Much as I despise Trump, this is unfair criticism. The IRS has been arrogantly abusive and unresponsive to clear needs for well over a decade...and I'm not sure how much over. It doesn't seem to change when the administration changes.

  • Let loose the class action lawsuits.

    Every time some dumbass creditor loans money out to someone on strength of this stolen information and doesn't get paid, but turns around and trashes the person identified by the information, sue the creditor.

    I know that if I were on a jury I'd be like, "You idiot creditor. You didn't get repaid because you didn't bother to really verify the identity of the person you gave money to. And then you think you're justified in trashing this innocent person's reputation? Well, I feel justified in handing that innocent person a LARGE payment for damages. Yeah, I think $1M ought to cover it."

  • You, in your vandalized home after someone broke into it and went through your stuff, and the police officer saying "Hey, ain't that bad, after all, didn't you have someone break in before? You should be used to it by now!"

    What do you get for making an officer eat his badge?

  • Didn't the IRS just signed a deal with them to do peoples data verification?

  • Subject line says it all. I'm not even going to be bothered to do a gods-be-damned thing unless I see my identity has been stolen or my bank account has been affected because it's already too gods-be-damned late to do anything about it anyway, and thanks so FUCKING MUCH for that, Equifax, YOU HAD ONE JOB AND YOU FUCKED IT ALL UP!
  • Unfortunately our usual method for ascertaining identity is based on an assumption of privacy of certain personal information. The loss of privacy represented by this breach is certainly something deserving of our outrage. But all that justifiable outrage is dwarfed by the implications of no longer having a reliable way to establish identity in a mobile and technological society. While there is still time before the stolen information is widely disseminated, we need to use the doomed current system to boots

  • by fropenn ( 1116699 ) on Wednesday October 18, 2017 @04:18PM (#55392575)
    Let's make all social security numbers, birth dates, and addresses public. That way the financial companies will have to find a better way of verifying the identify of people before it gives them access to large sums of money.

When we write programs that "learn", it turns out we do and they don't.

Working...