'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS (thehill.com) 105
An anonymous reader quotes a report from The Hill: The IRS does not expect the Equifax data breach to have a major effect on the upcoming tax filing season, Commissioner John Koskinen said Tuesday, adding that the agency believes a "significant" number of the victims already had their information stolen by cyber criminals. "We actually think that it won't make any significantly or noticeable difference," Koskinen told reporters during a briefing on the agency's data security efforts. "Our estimate is a significant percent of those taxpayers already had their information in the hands of criminals." The IRS estimates that more than 100 million Americans have had their personally identifiable information stolen by criminal hackers, he said.
The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."
The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."
Re: (Score:3)
Re: (Score:2)
Yes, throw the buggers in jail. Now please explain precisely under which law we will do this?
It doesn't matter that your information is stolen (Score:1)
...cuz it's already been stolen. These are the same guys that tax civil forfeiture.
--
"Throw all the tea over!" -- Ben Franklin
Re: It doesn't matter that your information is sto (Score:3, Insightful)
I don't know about most of you but I've shared most my information on a very limited need to know basis. It's extremely unlikely most of my information was stolen prior to this idiotic event. Sure, some companies had some mailing addresses and credit card numbers but very few had everything together or my SSN. Now these idiots handed a consolidated version of it over and as usual there's no real repercussions. When will citizens of this country finally get upset enough to take action against this garbage an
They are not idiots. It's intentional. (Score:1)
1 - allow all that personal info used to authenticate you to be stolen.
2 - everyone's tax returns get stolen (likely by intelligence agencies to fill their black fund pools).
3 - solve the problem with a universal chip-based token system (some smart card) for use with all government activities
4 - expand that to solve other identification "problems"
5 - replace cash with a government account linked to your universal ID
etc. etc. etc.
It always starts with the fear.
You are no longer ... (Score:5, Funny)
Just hold still.
U.S. Government says: "We Give Up!" (Score:2)
When asked for clarification, they responded "Everything is screwed anyways, so who cares!"
Re:U.S. Government says: "We Give Up!" (Score:5, Insightful)
Don't worry, there are posters here who will find a way to blame the breach on "government" and continue to claim that governments can do nothing right, while applauding big companies for whatever they do, good or bad.
Re: (Score:2)
I too get a bit irritated about the "government" talk. When some one commits murder, do we say his/her family committed the murder? No, and the government is not some monolithic entity, it has many moving parts. The reason is because that's what Americans have demanded government do, and what companies have managed to sneak in to government functions. The Reagan push to "privatize" government made the problem worse.
Re: (Score:2)
FUD... It was given BEFORE and revoked AFTER.
It hasn't been revoked. It's been temporarily suspended.
IRS puts Equifax contract on hold during security review [reuters.com]
NEW YORK (Reuters) - The U.S. Internal Revenue Service has temporarily suspended a contract worth more than $7 million it recently awarded to Equifax Inc following a security issue with the beleaguered credit reporting agency’s website on Thursday.
Re: (Score:2)
Wasn't that after the second (or was it third?) breach. The feds just ignored the first one (that was kept secret for months).
Re: (Score:2)
So... what? (Score:1)
Does it make it suddenly better.. or more OK.. that there were multiple companies that were so lax in security to release information to the bad guys? Is this an attempt at an "out" for Equifax? Can the IRS provide unequivocal facts proving that the Equifax breach had a "significant" overlap with previous breaches?
I mean come on. The IRS just nuked Equifax's contract is this supposed to make them feel a little bit better?
There is no "acceptable" release of information from a security breach.
Re: Why can't we have a flat tax? (Score:1)
Because.... Accountants don't want that and their progression has leverage?
Did I win?
Re: Why can't we have a flat tax? (Score:1)
Progression ->Profession
Re: Why can't we have a flat tax? (Score:1)
Re: (Score:1)
The system we have is great. It is so complicated that only the worthy may escape the maze.
Re: (Score:2)
Most of the paperwork seems to be in documenting income and determining what counts as income, and all of the deductions. Going to 3 or 1 bracket does not reduce the amount of paperwork by much, since its not the source of most of the complexity.
Re: (Score:2)
So the answer is to get rid of the deductions.
Personally, I don't favor a flat tax, but rather a linear tax with an offset as well as a flat tax rate, but that *is* a bit more complex.
Re: (Score:3)
What makes the tax code complicated is not the tax brackets. That's a simple spreadsheet. What makes it complicated is the number of exceptions, which allow Warren Buffet to effectively pay a lower tax rate than his secretary. You can simplify the tax code without going to a flat tax, and a flat tax doesn't inherently mean that the exceptions have been removed.
Or, maybe we can allow a flat tax only under certain eligibility conditions: No government contracts or subsidies, no lobbying, and none of eit
Re: (Score:2)
Re:Why can't we have a flat tax? (Score:4, Informative)
If you're proposing that the government is only allowed to collect taxes (a percentage of the total paid) on money they've paid out directly, it seems to me that they'd necessarily run out of money in short order. Unless, of course, you think the government firing up the presses every time an expense comes up is actually a good thing?
Re: (Score:2)
Re: (Score:2)
Except a lot of criminals either have no real jobs or won't pay taxes. When's the last a drug dealer paid taxes on his business dealings, or the mob didn't cook the crap out of their books?
Seriously? (Score:1)
That's the best they can do?
REGULATIONS require broken encryption (Obama) (Score:2)
The "REGULATIONS" I had to follow on government-sponsored projects *required* we use outdated, thoroughly broken suckerity, such as MD5. It takes less than one second to break MD5. We're not allowed to use effective algorithms such as SHA256, we must use the completely broken MD5. These regulations were of course promulgated by the Obama administration.
I would LOVE it if information security could be fixed by regulation. I'd love it even more if it could be fixed by whining about the other team. Sadly,
Re: (Score:2)
"information security to be fixed by regulation". How would that work, exactly. You admitted you cannot tie it to prevailing technology because advances can make the technology obsolete. If you write something more blanket like, "Thou shalt not allow any information not entirely yours to leak" creates a Swiss cheese of a law which ambulance chasing lawyers will drive trucks through. And it would be so draconian that there is no hysteresis in the system of law governing information, that opens holes up just
Re: (Score:2)
I think his point is that it wouldn't work. He wishes it would, but this is reality, and by implication in reality it doesn't.
Quite a statement (Score:2)
>"'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS"
Then what would the IRS have possibly gained by trying to use Equifax's services to help prevent fraud?
Or perhaps this is code for "don't look at the man behind the curtain" or "oh, don't worry, we got ya covered anyway" or "see, none of this really mattered anyway, so let's not talk about security or misuse of the SSN as a universal ID number anymore." So many possibilities. Yeesh
...And do what? (Score:2)
If the government is going to hoard PI and not defend it with ICE and brutal cyber crime laws, they better come up with a better fucking plan 'b' for when they worked over by everyone on the Internet who can write a script.
Re: (Score:2)
Well, previous advice was to "file early."
Not that you can file faster than a bot polling from your payroll data...
It's Equifax's job to attack your privacy (Score:5, Informative)
That is what they do. And sell the information to anyone who'll pay.
And the people of America think that is a good idea.
The data leaks just mean that some people are getting the data for free.
Re: (Score:2)
Re: (Score:2)
No other western country allows this (that I am aware of). This is purely a US thing, and really surprised me when I lived there for a while.
Re: (Score:2)
The people of American never go to vote on whether someone collecting and creating honey pots for criminals and "product" to sell regarding information. Government cannot be expected to be immediately on top of every stupid thing companies do. The right claims too much government interference (as long as it doesn't involve religion what whatever Trump is wanking off on these days), the left wants an authoritarian dictatorship which will punish every micro-aggression which they get to define.
Anthem, Yahoo!, and others. (Score:1)
I have been part of the Anthem, Yahoo!, Equifax, and few other data breaches.
Getting the "Your data has been stolen and we're giving you free identity protection" letters has become routine for me.
THEN I call the 800 number on my credit report and I get some foreigner. When I ask where are they, I get "We cannot disclose that for security reasons." bullshit.
So, _I_ have to disclose all my personal data to someone in some god knows where country to get customer service and _I_, the customer, cannot know tha
How do you stop them? (Score:2)
Three times in the last few months I've found that some company I once bought an item or service from has kept my credit card details "on file" just in case I fail to pay for subsequent purchases. They never asked permission, which would have been denied, but how can I stop them? I told each of them that single action has resulted in my never doing business with them again. These are businesses that have only a few employees, no chance of an IT person, let alone an actual security policy nor any idea what "
Re: (Score:3)
There really should be big fines on this sort of irresponsible collection of sensitive data.
This would have an unintended consequence of giving companies an even greater incentive to cover up security breaches. They only have to pay the fine if they get caught.
Re: (Score:2)
There really should be big fines on this sort of irresponsible collection of sensitive data.
This would have an unintended consequence of giving companies an even greater incentive to cover up security breaches. They only have to pay the fine if they get caught.
Make the fine ten times larger if they don't come forth in a timely fashion and admit it themselves. Hand 1/10 of the fine to the whistleblower.
Re: (Score:2)
It's all stolen BUT GO AHEAD & TRUST IT ANYWAY (Score:2)
The IRS knows that half that US taxpayers just got hacked, and 1/3 were already hacked. What are they doing to avoid giving refunds to the wrong parties? What are they doing to establish a new secure authentication/identification system that hasn't been hacked? What are they doing in any way, shape, or form?
The answer to all these is NOTHING.
The IRS has the responsibility of collecting operating funds for the largest most affluent government in the world... and instead of securing their clients, securing
Re:It's all stolen BUT GO AHEAD & TRUST IT ANY (Score:4, Funny)
Is there any part of this Administration that can sink any lower?
This can't be the first time you've asked that. Have you not learned that they're more than happy to answer? PLEASE, stop asking!
Re: (Score:2)
You have a very odd idea as to what being "affluent" is. The Federal government owes more than $225 trillion which includes $205 trillion in unfunded liabilities that Congress has unconstituionally spent without making any provision to pay.
It seems you think debt == affluence, and the more debt you have the richer you are.
The US is bankrupt. If the government lowered spending enough to start paying off what we owe at $1 trillion a year it would take more than 2 centuries to get us out of debt, even if we
Re: (Score:2)
I generally agree with your sentiment, but your individual debt figure is off by over an order of magnitude. The debt per citizen is a bit over $62K, while the debt per taxpayer is over $168K.
Source: http://www.usdebtclock.org/ [usdebtclock.org]
Also, I'm not sure how you figure deficit spending is "unconstitutional". The US does not have a balance budget amendment.
Re: (Score:2)
In order for the IRS to create a new secure/authentication system, they need a bill passed in Congress and signed by What's-His-Name telling them to do this. More importantly, they need an yearly appropriation for x years giving them the money to do this. This should take what, a couple-O-weeks on your time scale?
An alternative to producing said system in house, which I might add would require staffing and buying machines to produce said system, is to turn the effort over to private industry...presuming the
Re: (Score:2)
This is not surprising seeing as the IRS is part of the Administration of He Who Shall Not Be Named Responsible.
I'm actually unsure which administration you're trying to blame for this problem, but the IRS has been around for over a century and a half, there's not really much about it that you can blame on a single administration, or even a single party.
The problem is that we, as a country and quite possibly as a species, just can't math. Or rather we can math, but we then throw it all out the window as soon as emotions get involved.
We've spent trillions of dollars and thousands of lives on wars and military act
Re: (Score:1)
One of these is not like the others.
Re: (Score:1)
Re: (Score:2)
Much as I despise Trump, this is unfair criticism. The IRS has been arrogantly abusive and unresponsive to clear needs for well over a decade...and I'm not sure how much over. It doesn't seem to change when the administration changes.
It's time to start suing creditors for libel (Score:3)
Let loose the class action lawsuits.
Every time some dumbass creditor loans money out to someone on strength of this stolen information and doesn't get paid, but turns around and trashes the person identified by the information, sue the creditor.
I know that if I were on a jury I'd be like, "You idiot creditor. You didn't get repaid because you didn't bother to really verify the identity of the person you gave money to. And then you think you're justified in trashing this innocent person's reputation? Well, I feel justified in handing that innocent person a LARGE payment for damages. Yeah, I think $1M ought to cover it."
Re: (Score:2)
Everything you say is true, and I'd still be tempted to vote to find the creditor guilty.
Re: (Score:2)
The SSN isn't that big a problem. The problem is that for some odd reason it's not used for identification but for authorization.
THAT is the essential problem here.
Imagine a police officer saying this (Score:2)
You, in your vandalized home after someone broke into it and went through your stuff, and the police officer saying "Hey, ain't that bad, after all, didn't you have someone break in before? You should be used to it by now!"
What do you get for making an officer eat his badge?
Re: (Score:2)
Closing the barn door after the horse has left (Score:2)
Identity and privacy should be separate issues (Score:1)
Unfortunately our usual method for ascertaining identity is based on an assumption of privacy of certain personal information. The loss of privacy represented by this breach is certainly something deserving of our outrage. But all that justifiable outrage is dwarfed by the implications of no longer having a reliable way to establish identity in a mobile and technological society. While there is still time before the stolen information is widely disseminated, we need to use the doomed current system to boots
Let's make it all public (Score:3)