Slashdot Mirror


IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System (engadget.com)

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.


  1. Re:in before by Anonymous Coward · Score: 2, Interesting

    Some neck beard has to make a comment about PIN numbers!

    I've always been curious about the epithet. People have beards just on their necks? That's odd, but why should we care?

    It's like "mouth breather"-- we care about whether people breathe through their nose or their mouth or both? Why?

  2. "SECURITY MEASURES" = "FINDING OUT" by CaptainDork · Score: 3, Interesting

    This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack...

    The IRS is not alone in this. After entities get hacked, they implement tighter detecting tools and sigh with the false comfort that they "are on top of things."

    Look ...

    If your storage building is being ransacked and you put up security cameras that show people breaking in, you have not actually SOLVED anything if the thefts continue.

    It's not hard, folks: Get a goddam lock.

    --
    It little behooves the best of us to comment on the rest of us.

  3. Re:Easy solution PIV by markus · Score: 5, Interesting

    There are plenty of great second factor solutions. The better ones are really easy to use and provide a lot more security. But providers don't want to roll out fancy new technology, and users are blissfully unaware of how security works, so they want the same thing that they have had for the last couple of decades.

    The upshot is that even when second factors are rolled out, we essentially end up with something no more secure than password and PIN, whereas there are beautiful solutions such as FIDO U2F that are ignored.

  4. Re:Wise move by pete6677 · Score: 3, Interesting

    That's because whenever a government agency decides to "save money" they do so in the dumbest possible way, which almost always costs them more later. Not that corporations never do this, but with government bureaucracies they seem to be a special kind of stupid.