Slashdot Mirror
'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS (thehill.com)
An anonymous reader quotes a report from The Hill: The IRS does not expect the Equifax data breach to have a major effect on the upcoming tax filing season, Commissioner John Koskinen said Tuesday, adding that the agency believes a "significant" number of the victims already had their information stolen by cyber criminals. "We actually think that it won't make any significantly or noticeable difference," Koskinen told reporters during a briefing on the agency's data security efforts. "Our estimate is a significant percent of those taxpayers already had their information in the hands of criminals." The IRS estimates that more than 100 million Americans have had their personally identifiable information stolen by criminal hackers, he said.
The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."
The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."
We should all withhold paying our taxes until we can be certain that our information hasn't been stolen by criminals. It would be the safe, prudent course of action.
...cuz it's already been stolen. These are the same guys that tax civil forfeiture.
--
"Throw all the tea over!" -- Ben Franklin
When asked for clarification, they responded "Everything is screwed anyways, so who cares!"
Does it make it suddenly better.. or more OK.. that there were multiple companies that were so lax in security to release information to the bad guys? Is this an attempt at an "out" for Equifax? Can the IRS provide unequivocal facts proving that the Equifax breach had a "significant" overlap with previous breaches?
I mean come on. The IRS just nuked Equifax's contract is this supposed to make them feel a little bit better?
There is no "acceptable" release of information from a security breach.
People making $10K a year pay X%, and people making $100,000,00 a year pay the same X%.
That seems extremely fair and equitable, and would eliminate the bulk of the IRS bureaucracy and any need for public accountants overnight.
POOF!!
That's the best they can do?
Requiem for the American Dream
Congress is sitting on its ass trying to give away the deficit directly to billionaire children of billionaire con artists while hard working citizens are being screwed out of their life savings, again. At risk of making this political, who the fuck trusts Republicans to do a god damn things about any of this? I have 0.5% faith in anyone else addressing it either, but that's still a nonzero possibility. The GOP and Tea Party deregulation scheme ENDS IN US ALL GETTING SCREWED. Even if you're a fiscal conservative or even a religious conservative surely you can see that putting wolves to guard poultry DOES NOT FUCKING WORK, BY DESIGN. RIGHT?
>"'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS"
Then what would the IRS have possibly gained by trying to use Equifax's services to help prevent fraud?
Or perhaps this is code for "don't look at the man behind the curtain" or "oh, don't worry, we got ya covered anyway" or "see, none of this really mattered anyway, so let's not talk about security or misuse of the SSN as a universal ID number anymore." So many possibilities. Yeesh
"assume" their data is already in the hands of criminals and "act accordingly."
...And do what exactly? Burn our current identity and get a new one out of the bag that we have hidden in a locker at the bus station? Whee, I am now Raoul Yankinov now, bricklayer from New Jersey!
If the government is going to hoard PI and not defend it with ICE and brutal cyber crime laws, they better come up with a better fucking plan 'b' for when they worked over by everyone on the Internet who can write a script.
HA! I just wasted some of your bandwidth with a frivolous sig!
That is what they do. And sell the information to anyone who'll pay.
And the people of America think that is a good idea.
The data leaks just mean that some people are getting the data for free.
I have been part of the Anthem, Yahoo!, Equifax, and few other data breaches.
Getting the "Your data has been stolen and we're giving you free identity protection" letters has become routine for me.
THEN I call the 800 number on my credit report and I get some foreigner. When I ask where are they, I get "We cannot disclose that for security reasons." bullshit.
So, _I_ have to disclose all my personal data to someone in some god knows where country to get customer service and _I_, the customer, cannot know that for "security reasons"?
Guilty parties;
Bank of America
JP Morgan Chase
Equifax
Transunion
Experion
and every goddamn financial services company out there.
They are blasting ALL of our information all over the World. Meaning, Equifax may not have been a hack but an inside job - or at least some Third World sub-sub-contractor who got our information.
They don't give a shit.
I don't know about most of you but I've shared most my information on a very limited need to know basis. It's extremely unlikely most of my information was stolen prior to this idiotic event. Sure, some companies had some mailing addresses and credit card numbers but very few had everything together or my SSN. Now these idiots handed a consolidated version of it over and as usual there's no real repercussions. When will citizens of this country finally get upset enough to take action against this garbage and turn this country around. Oh wait, I forgot the 2016 election was basically a unanimous "I quit caring."
Three times in the last few months I've found that some company I once bought an item or service from has kept my credit card details "on file" just in case I fail to pay for subsequent purchases. They never asked permission, which would have been denied, but how can I stop them? I told each of them that single action has resulted in my never doing business with them again. These are businesses that have only a few employees, no chance of an IT person, let alone an actual security policy nor any idea what "best practices" means. Yet they think it's fine to keep those details from every credit transaction they've had going back for years.
There really should be big fines on this sort of irresponsible collection of sensitive data.
On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
The IRS has it!
The IRS knows that half that US taxpayers just got hacked, and 1/3 were already hacked. What are they doing to avoid giving refunds to the wrong parties? What are they doing to establish a new secure authentication/identification system that hasn't been hacked? What are they doing in any way, shape, or form?
The answer to all these is NOTHING.
The IRS has the responsibility of collecting operating funds for the largest most affluent government in the world... and instead of securing their clients, securing their procedures, or securing their systems... all they do is say "Don't worry - you were already hacked."
This is not surprising seeing as the IRS is part of the Administration of He Who Shall Not Be Named Responsible.
Is there any part of this Administration that can sink any lower?
E
The credit agencies have been giving away private info for decades. This sounds like made-up garbage in order to make Obama look bad. He loved us and protected our information. Things are better now after he was our ruler.
If YOU wanted YOUR data secure, YOU should have been more careful. Personal responsibility, every hear of it?! Why didn't you make these accusations sooner? I mean just look at that filthy data, who really wants that? You're probably just trying to make a buck. #MAGA!
so it's ok then. Carry on citizen as usual, and avoid panic buying
Is there any part of this Administration that can sink any lower?
This can't be the first time you've asked that. Have you not learned that they're more than happy to answer? PLEASE, stop asking!
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
... as we know it.
No court could seriously dispute the following argument:
- everyone's data has been stolen by criminals by now
- criminals steal this data to commit fraud with
- in the absence of evidence it couldn't be a criminal using my information to take on that debt, you must dismiss the suit.
The only way to legally take out a loan should be to meet the lender and a notary at a police station, have everybody get prints, DNA and mugshots, and get it videotaped.
Also, you have to register who's lending, who's borrowing, the effective date and the social security number of lender and borrower seven or more days in advance in a national register of lending.
If you see your social and it's not you, just go to your local police station, get prints, DNA and mugshot and have the police notate the bad loan.
If you show up to take out a loan that has been notated bad, everybody is arrested until the police work out who is scamming whom.
It will still affect Americans because it redistributes your data to new criminals. Many more people affected this time. If the IRS gets to use "significant number" team officially I sure can use "Many more". I can also say that's significantly a poor response.
They're just trying to minimize what happened to protect Equifax by making what happened not look so bad. They're too rich to fail.
1 - allow all that personal info used to authenticate you to be stolen.
2 - everyone's tax returns get stolen (likely by intelligence agencies to fill their black fund pools).
3 - solve the problem with a universal chip-based token system (some smart card) for use with all government activities
4 - expand that to solve other identification "problems"
5 - replace cash with a government account linked to your universal ID
etc. etc. etc.
It always starts with the fear.
The IRS knows, because they're the ones who leaked your information.
Just hold still.
Have gnu, will travel.
Let loose the class action lawsuits.
Every time some dumbass creditor loans money out to someone on strength of this stolen information and doesn't get paid, but turns around and trashes the person identified by the information, sue the creditor.
I know that if I were on a jury I'd be like, "You idiot creditor. You didn't get repaid because you didn't bother to really verify the identity of the person you gave money to. And then you think you're justified in trashing this innocent person's reputation? Well, I feel justified in handing that innocent person a LARGE payment for damages. Yeah, I think $1M ought to cover it."
By have so much software in COBOL, OS 370 and 9-track tape. Too hard for a script kiddie.
Clearly the way to improve security is to cut the IRS budget. Let's start with the quit division.
Sincerely
The legitimate businessmen's club.
You have a very odd idea as to what being "affluent" is. The Federal government owes more than $225 trillion which includes $205 trillion in unfunded liabilities that Congress has unconstituionally spent without making any provision to pay.
It seems you think debt == affluence, and the more debt you have the richer you are.
The US is bankrupt. If the government lowered spending enough to start paying off what we owe at $1 trillion a year it would take more than 2 centuries to get us out of debt, even if we didn't pay any interest on the money we owe. If we figure the population of the US at 300 million people every man, woman, and child in the US, right now, owes approximately $750,000 for it is the taxpayers who must pay off the money the government borrows.
"while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
Look, 'eevil gubbermint'! That's what you should really worry about!
The "REGULATIONS" I had to follow on government-sponsored projects *required* we use outdated, thoroughly broken suckerity, such as MD5. It takes less than one second to break MD5. We're not allowed to use effective algorithms such as SHA256, we must use the completely broken MD5. These regulations were of course promulgated by the Obama administration.
I would LOVE it if information security could be fixed by regulation. I'd love it even more if it could be fixed by whining about the other team. Sadly, this is real life, not sports, so rooting for your favorite team does nothing.
Government has created this problem by forcing upon us a national ID number (SSN) and then allowing companies like Equifax to use it to build credit profiles on us. Once our SSN is stolen, itâ(TM)s nearly impossible to get another one. Yes, Equifax is responsible, but the government is the party REALLY responsible. Itâ(TM)s time to abolish the SSN, and all forms of national ID.
You, in your vandalized home after someone broke into it and went through your stuff, and the police officer saying "Hey, ain't that bad, after all, didn't you have someone break in before? You should be used to it by now!"
What do you get for making an officer eat his badge?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
In order for the IRS to create a new secure/authentication system, they need a bill passed in Congress and signed by What's-His-Name telling them to do this. More importantly, they need an yearly appropriation for x years giving them the money to do this. This should take what, a couple-O-weeks on your time scale?
An alternative to producing said system in house, which I might add would require staffing and buying machines to produce said system, is to turn the effort over to private industry...presuming the bills mentioned above got passed and Congress didn't steal their money in year 2 for some shiny, useless object, say, a big, beautiful border wall. Let's look over the field, it cannot be a small company because they couldn't handle the work. The system will need proper security, proper backups, proper access restrictions, interfacing to state systems (last we checked, we had 50 states, Puerto Rico doesn't count after the last hurricane and the U.S. claiming it saw nothing), databases (hint: one giant database is too unwieldy), people to run the system, etc. And the extra staff will be wanting retirement plans, medical insurance, job security, etc. And given the Swiss cheese of our tax laws, that Swiss cheese will need to be imported into the system.
So which company or companies shall it be? Should we turn it over to Uncle Larry at Oracle, he'll steal Uncle Sam blind. How about IBM? Now that they are more of an Indian company, I cannot see that flying through the political minefield without getting its ass shot off. Microsoft? Yep, their middle name is security.
Just Wow :-|
Didn't the IRS just signed a deal with them to do peoples data verification?
Don't fight for your country, if your country does not fight for you.
I generally agree with your sentiment, but your individual debt figure is off by over an order of magnitude. The debt per citizen is a bit over $62K, while the debt per taxpayer is over $168K.
Source: http://www.usdebtclock.org/
Also, I'm not sure how you figure deficit spending is "unconstitutional". The US does not have a balance budget amendment.
Irony: Agile development has too much intertia to be abandoned now.
Yes. because Equifax absolutely would not have gotten hacked if Clinton had won.
And the IRS would have...well they would have done exactly the same thing because there is really nothing they can do about the fact that some private business got hacked.
Short of making every taxpayer come in to an IRS office with a valid ID what could they possibly do? But wait how could we ask someone to come up with an ID to get their tax money when it's just vote suppression when we ask for an ID to vote?
This is not surprising seeing as the IRS is part of the Administration of He Who Shall Not Be Named Responsible.
I'm actually unsure which administration you're trying to blame for this problem, but the IRS has been around for over a century and a half, there's not really much about it that you can blame on a single administration, or even a single party.
The problem is that we, as a country and quite possibly as a species, just can't math. Or rather we can math, but we then throw it all out the window as soon as emotions get involved.
We've spent trillions of dollars and thousands of lives on wars and military actions that in some ways have made the problem worse because 3000 people died in a terrorist attack 16 years ago. Meanwhile over _30,000_ people are killed in car accidents every year, that's more than half a million dead since 9/11. Just a fraction of what we've spent on war could probably have saved a lot of lives if it were invested in traffic safety instead. Or just generally made our lives better if invested in numerous other areas.
Likewise we've spent who knows how much time and money and effort fighting over stupid moral issues like abortion and gay rights and drugs when we should be just letting everyone live their own lives and investing that time and money and effort into potential solutions for real practical problems, like properly updating the SSN "system" and how IRS collects information and taxes. But politicians have learned that inciting moral outrage will get out the vote far more effectively than any practical plan to address real problems, so here we are.
And to be fair this is a problem that happens on both sides of the aisle, though each side has different particular issues they try to stir up outrage about.
This Space Intentionally Left Blank
Subject line says it all. I'm not even going to be bothered to do a gods-be-damned thing unless I see my identity has been stolen or my bank account has been affected because it's already too gods-be-damned late to do anything about it anyway, and thanks so FUCKING MUCH for that, Equifax, YOU HAD ONE JOB AND YOU FUCKED IT ALL UP!
Unfortunately our usual method for ascertaining identity is based on an assumption of privacy of certain personal information. The loss of privacy represented by this breach is certainly something deserving of our outrage. But all that justifiable outrage is dwarfed by the implications of no longer having a reliable way to establish identity in a mobile and technological society. While there is still time before the stolen information is widely disseminated, we need to use the doomed current system to bootstrap an identity system which does not rely on information privacy. Such a system probably should be based on some kind of multi-factor authentication, including both biometrics and digital tokens.
Just imagine having no way to prove who you are. It is one thing to have an individual identity thief steal your identity. It is another thing altogether for there to be no meaningful way to define your identity. Yes, we all have DNA, and most of us have fingerprints, but if our biometrics are not associated with our digital identities, then our digital identities are up for grabs.
From where I'm sitting, it looks like the fundamental infrastructure of our society is being undermined. I don't how much is due to cyber-attacks by foreign governments, and how much is due to glaring flaws in our systems being exploited by individuals. But I do know that if we don't start recognizing and solving problems aggressively, we are headed for some kind of collapse.
Much as I despise Trump, this is unfair criticism. The IRS has been arrogantly abusive and unresponsive to clear needs for well over a decade...and I'm not sure how much over. It doesn't seem to change when the administration changes.
I think we've pushed this "anyone can grow up to be president" thing too far.
I can't believe they charge to freeze / unfreeze credit. This should be free. Americans need a consumer PACT to lobby on their behalf to hold these credit bureaus accountable for their own criminal negligence.
One of these is not like the others.
Gamingmuseum.com: Give your 3D accelerator a rest.
Each of them is not like the others.
This Space Intentionally Left Blank
'The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."'
Yup. Here's my stance: Until an alternative solution to 9-digit numbers comes along, I'm not going to care too much whether or not my identity has been stolen. If everyone adopts this attitude, then businesses will have no choice but to stop treating credit checks as the be-all-end-all solution.
Let's make all social security numbers, birth dates, and addresses public. That way the financial companies will have to find a better way of verifying the identify of people before it gives them access to large sums of money.
re: "when it's just vote suppression when we ask for an ID to vote?"
Mexico, of all places, issues special photo I.D. cards to its voters.
That is why there's no such thing as "undocumented immigrants".
The illegals have plenty of documents...just not the right ones to be lawfully present in the U.S.