"We live in a world where the Internet has become a database of ‘you’ and where one data breach can easily feed another," explains Westin. "The information that was used to bypass the ‘security’ screen is trivial. Social Security numbers, dates of birth, and street addresses are all types of data that have recently been compromised in a few of the large scale health insurance data breaches. Tax filing status can be identified pretty easily if you know whether the person is married or not."In all, approximately 200,000 attempts using the "Get Transcript" application were made from questionable email domains. According to the IRS, approximately half of these were successful in breaking through the multi-authentication barriers on taxpayers' accounts.
"The fact that the data came 'from questionable email domains' and at a high velocity of requests but yet had a 50% success rate indicates that basic threat intelligence was likely not in place to identify potentially malicious remote IP addresses or from proxies," states Westin. "Neither were other checks such as device fingerprinting that could block a higher percentage of malicious attempts. The data required to make these requests should not be considered a 'security' or 'authentication' check, as the data required is easily accessible with the high number of large scale data breaches, which have essentially made our personal information including Social Security number public information."The IRS has confirmed that its main tax filing submission system as well as other databases have not been affected by the data breach. Representatives of the IRS have begun sending notification letters to the 200,000 taxpayers whose accounts the criminals tried to compromise. The IRS will also offer free credit monitoring services to those whose accounts were successfully breached. As of this writing, the IRS' "Get Transcript" application remains unavailable following the incident.