Recently, we learned that the total number of accounts that may have been compromised in the IRS data breach might have exceeded 330,000. That alone's already more than twice the original estimates when the breach was first disclosed in May. But aside from the growing numbers, there are a couple more details that really stand out.
Initial investigations show that before the attackers were able to enter the system, they had to go through an authentication process that required a handful of personal information associated with a legitimate taxpayer account.
This information included the taxpayer's Social Security Number, date of birth, tax filing status, street address, and even answers to personal questions like "What was your high school mascot?".
It's believed that the attackers didn't obtain the information needed from the IRS itself. Rather, they may have collected those pieces of information from different sources. There's more. It's also believed that that particular attack on the IRS system wasn't the end goal.
It was only done to obtain additional information, which, when combined with the information the attackers already got from various sources, could then be used in carrying out fraudulent tax refunds.
One key takeaway here is that, because of technology and connectivity, almost every individual's personal data (or copies of it) is scattered far and wide. Thus, securing them - and consequently making attacks like this more difficult to carry out - would take a collective effort.
Businesses and organizations must now start stepping up their game on information security. By securing the data you have, you're not only mitigating the risk of a data breach at your end. You're also mitigating the risk of other businesses, and they, yours.
The IRS, OPM, and Target data breaches weren't the first of their kind. But a new mindset - a more security conscious one - can make future similar incidents less likely to happen.
Would you like more articles on security? Click that link or scroll back up to the top-right of this page and subscribe via email.