Slashdot Mirror
'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS (thehill.com)
An anonymous reader quotes a report from The Hill: The IRS does not expect the Equifax data breach to have a major effect on the upcoming tax filing season, Commissioner John Koskinen said Tuesday, adding that the agency believes a "significant" number of the victims already had their information stolen by cyber criminals. "We actually think that it won't make any significantly or noticeable difference," Koskinen told reporters during a briefing on the agency's data security efforts. "Our estimate is a significant percent of those taxpayers already had their information in the hands of criminals." The IRS estimates that more than 100 million Americans have had their personally identifiable information stolen by criminal hackers, he said.
The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."
The Equifax breach disclosed in early September is estimated to have affected more than 145 million U.S. consumers. "It's an important reminder to the public that everyone can take any actions that they can ... to make sure we can do everything we can to protect personal information," Koskinen said of the breach on Tuesday, in response to a reporter's question. The IRS commissioner advised Americans to "assume" their data is already in the hands of criminals and "act accordingly."
...cuz it's already been stolen. These are the same guys that tax civil forfeiture.
--
"Throw all the tea over!" -- Ben Franklin
When asked for clarification, they responded "Everything is screwed anyways, so who cares!"
Does it make it suddenly better.. or more OK.. that there were multiple companies that were so lax in security to release information to the bad guys? Is this an attempt at an "out" for Equifax? Can the IRS provide unequivocal facts proving that the Equifax breach had a "significant" overlap with previous breaches?
I mean come on. The IRS just nuked Equifax's contract is this supposed to make them feel a little bit better?
There is no "acceptable" release of information from a security breach.
That's the best they can do?
Requiem for the American Dream
Because.... Accountants don't want that and their progression has leverage?
Did I win?
Requiem for the American Dream
>"'Significant' Number of Equifax Victims Already Had Info Stolen, Says IRS"
Then what would the IRS have possibly gained by trying to use Equifax's services to help prevent fraud?
Or perhaps this is code for "don't look at the man behind the curtain" or "oh, don't worry, we got ya covered anyway" or "see, none of this really mattered anyway, so let's not talk about security or misuse of the SSN as a universal ID number anymore." So many possibilities. Yeesh
"assume" their data is already in the hands of criminals and "act accordingly."
...And do what exactly? Burn our current identity and get a new one out of the bag that we have hidden in a locker at the bus station? Whee, I am now Raoul Yankinov now, bricklayer from New Jersey!
If the government is going to hoard PI and not defend it with ICE and brutal cyber crime laws, they better come up with a better fucking plan 'b' for when they worked over by everyone on the Internet who can write a script.
HA! I just wasted some of your bandwidth with a frivolous sig!
That is what they do. And sell the information to anyone who'll pay.
And the people of America think that is a good idea.
The data leaks just mean that some people are getting the data for free.
Progression ->Profession
Requiem for the American Dream
I have been part of the Anthem, Yahoo!, Equifax, and few other data breaches.
Getting the "Your data has been stolen and we're giving you free identity protection" letters has become routine for me.
THEN I call the 800 number on my credit report and I get some foreigner. When I ask where are they, I get "We cannot disclose that for security reasons." bullshit.
So, _I_ have to disclose all my personal data to someone in some god knows where country to get customer service and _I_, the customer, cannot know that for "security reasons"?
Guilty parties;
Bank of America
JP Morgan Chase
Equifax
Transunion
Experion
and every goddamn financial services company out there.
They are blasting ALL of our information all over the World. Meaning, Equifax may not have been a hack but an inside job - or at least some Third World sub-sub-contractor who got our information.
They don't give a shit.
I don't know about most of you but I've shared most my information on a very limited need to know basis. It's extremely unlikely most of my information was stolen prior to this idiotic event. Sure, some companies had some mailing addresses and credit card numbers but very few had everything together or my SSN. Now these idiots handed a consolidated version of it over and as usual there's no real repercussions. When will citizens of this country finally get upset enough to take action against this garbage and turn this country around. Oh wait, I forgot the 2016 election was basically a unanimous "I quit caring."
What makes the tax code complicated is not the tax brackets. That's a simple spreadsheet. What makes it complicated is the number of exceptions, which allow Warren Buffet to effectively pay a lower tax rate than his secretary. You can simplify the tax code without going to a flat tax, and a flat tax doesn't inherently mean that the exceptions have been removed.
Or, maybe we can allow a flat tax only under certain eligibility conditions: No government contracts or subsidies, no lobbying, and none of either through proxies for 10 years, and you are eligible for a flat rate with no deductions.
This is my signature. There are many like it, but this one is mine.
Three times in the last few months I've found that some company I once bought an item or service from has kept my credit card details "on file" just in case I fail to pay for subsequent purchases. They never asked permission, which would have been denied, but how can I stop them? I told each of them that single action has resulted in my never doing business with them again. These are businesses that have only a few employees, no chance of an IT person, let alone an actual security policy nor any idea what "best practices" means. Yet they think it's fine to keep those details from every credit transaction they've had going back for years.
There really should be big fines on this sort of irresponsible collection of sensitive data.
On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
Seg Fault
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
The IRS knows that half that US taxpayers just got hacked, and 1/3 were already hacked. What are they doing to avoid giving refunds to the wrong parties? What are they doing to establish a new secure authentication/identification system that hasn't been hacked? What are they doing in any way, shape, or form?
The answer to all these is NOTHING.
The IRS has the responsibility of collecting operating funds for the largest most affluent government in the world... and instead of securing their clients, securing their procedures, or securing their systems... all they do is say "Don't worry - you were already hacked."
This is not surprising seeing as the IRS is part of the Administration of He Who Shall Not Be Named Responsible.
Is there any part of this Administration that can sink any lower?
E
I liked your first 2 lines very much.. But flat taxes - I'm not so sure.
I'm not sure how you think that would work long-term. Perhaps I'm missing something but...
If you're proposing that the government is only allowed to collect taxes (a percentage of the total paid) on money they've paid out directly, it seems to me that they'd necessarily run out of money in short order. Unless, of course, you think the government firing up the presses every time an expense comes up is actually a good thing?
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Is there any part of this Administration that can sink any lower?
This can't be the first time you've asked that. Have you not learned that they're more than happy to answer? PLEASE, stop asking!
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
The system we have is great. It is so complicated that only the worthy may escape the maze.
Requiem for the American Dream
My point was to eliminate the hypocrisy of say, Raytheon, getting tax cuts under a vague "taxation is theft" or "small government" mantra. If taxation is theft, then their profits were built upon theft., and thus, at least partially invalid.
This is my signature. There are many like it, but this one is mine.
1 - allow all that personal info used to authenticate you to be stolen.
2 - everyone's tax returns get stolen (likely by intelligence agencies to fill their black fund pools).
3 - solve the problem with a universal chip-based token system (some smart card) for use with all government activities
4 - expand that to solve other identification "problems"
5 - replace cash with a government account linked to your universal ID
etc. etc. etc.
It always starts with the fear.
Just hold still.
Have gnu, will travel.
Let loose the class action lawsuits.
Every time some dumbass creditor loans money out to someone on strength of this stolen information and doesn't get paid, but turns around and trashes the person identified by the information, sue the creditor.
I know that if I were on a jury I'd be like, "You idiot creditor. You didn't get repaid because you didn't bother to really verify the identity of the person you gave money to. And then you think you're justified in trashing this innocent person's reputation? Well, I feel justified in handing that innocent person a LARGE payment for damages. Yeah, I think $1M ought to cover it."
You have a very odd idea as to what being "affluent" is. The Federal government owes more than $225 trillion which includes $205 trillion in unfunded liabilities that Congress has unconstituionally spent without making any provision to pay.
It seems you think debt == affluence, and the more debt you have the richer you are.
The US is bankrupt. If the government lowered spending enough to start paying off what we owe at $1 trillion a year it would take more than 2 centuries to get us out of debt, even if we didn't pay any interest on the money we owe. If we figure the population of the US at 300 million people every man, woman, and child in the US, right now, owes approximately $750,000 for it is the taxpayers who must pay off the money the government borrows.
"while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude." de Tocqueville
Most of the paperwork seems to be in documenting income and determining what counts as income, and all of the deductions. Going to 3 or 1 bracket does not reduce the amount of paperwork by much, since its not the source of most of the complexity.
The "REGULATIONS" I had to follow on government-sponsored projects *required* we use outdated, thoroughly broken suckerity, such as MD5. It takes less than one second to break MD5. We're not allowed to use effective algorithms such as SHA256, we must use the completely broken MD5. These regulations were of course promulgated by the Obama administration.
I would LOVE it if information security could be fixed by regulation. I'd love it even more if it could be fixed by whining about the other team. Sadly, this is real life, not sports, so rooting for your favorite team does nothing.
You, in your vandalized home after someone broke into it and went through your stuff, and the police officer saying "Hey, ain't that bad, after all, didn't you have someone break in before? You should be used to it by now!"
What do you get for making an officer eat his badge?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The SSN isn't that big a problem. The problem is that for some odd reason it's not used for identification but for authorization.
THAT is the essential problem here.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Especially since the IRS signed and then temporarily (!!!) suspended a multimillion Dollar contract with Equifucks. When does the government start protecting its residents from crime and evil? Why is Equifucks still in business? Close that shop down and throw the managers in jail.
Yes, throw the buggers in jail. Now please explain precisely under which law we will do this?
In order for the IRS to create a new secure/authentication system, they need a bill passed in Congress and signed by What's-His-Name telling them to do this. More importantly, they need an yearly appropriation for x years giving them the money to do this. This should take what, a couple-O-weeks on your time scale?
An alternative to producing said system in house, which I might add would require staffing and buying machines to produce said system, is to turn the effort over to private industry...presuming the bills mentioned above got passed and Congress didn't steal their money in year 2 for some shiny, useless object, say, a big, beautiful border wall. Let's look over the field, it cannot be a small company because they couldn't handle the work. The system will need proper security, proper backups, proper access restrictions, interfacing to state systems (last we checked, we had 50 states, Puerto Rico doesn't count after the last hurricane and the U.S. claiming it saw nothing), databases (hint: one giant database is too unwieldy), people to run the system, etc. And the extra staff will be wanting retirement plans, medical insurance, job security, etc. And given the Swiss cheese of our tax laws, that Swiss cheese will need to be imported into the system.
So which company or companies shall it be? Should we turn it over to Uncle Larry at Oracle, he'll steal Uncle Sam blind. How about IBM? Now that they are more of an Indian company, I cannot see that flying through the political minefield without getting its ass shot off. Microsoft? Yep, their middle name is security.
Didn't the IRS just signed a deal with them to do peoples data verification?
Don't fight for your country, if your country does not fight for you.
I generally agree with your sentiment, but your individual debt figure is off by over an order of magnitude. The debt per citizen is a bit over $62K, while the debt per taxpayer is over $168K.
Source: http://www.usdebtclock.org/
Also, I'm not sure how you figure deficit spending is "unconstitutional". The US does not have a balance budget amendment.
Irony: Agile development has too much intertia to be abandoned now.
This is not surprising seeing as the IRS is part of the Administration of He Who Shall Not Be Named Responsible.
I'm actually unsure which administration you're trying to blame for this problem, but the IRS has been around for over a century and a half, there's not really much about it that you can blame on a single administration, or even a single party.
The problem is that we, as a country and quite possibly as a species, just can't math. Or rather we can math, but we then throw it all out the window as soon as emotions get involved.
We've spent trillions of dollars and thousands of lives on wars and military actions that in some ways have made the problem worse because 3000 people died in a terrorist attack 16 years ago. Meanwhile over _30,000_ people are killed in car accidents every year, that's more than half a million dead since 9/11. Just a fraction of what we've spent on war could probably have saved a lot of lives if it were invested in traffic safety instead. Or just generally made our lives better if invested in numerous other areas.
Likewise we've spent who knows how much time and money and effort fighting over stupid moral issues like abortion and gay rights and drugs when we should be just letting everyone live their own lives and investing that time and money and effort into potential solutions for real practical problems, like properly updating the SSN "system" and how IRS collects information and taxes. But politicians have learned that inciting moral outrage will get out the vote far more effectively than any practical plan to address real problems, so here we are.
And to be fair this is a problem that happens on both sides of the aisle, though each side has different particular issues they try to stir up outrage about.
This Space Intentionally Left Blank
Except a lot of criminals either have no real jobs or won't pay taxes. When's the last a drug dealer paid taxes on his business dealings, or the mob didn't cook the crap out of their books?
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
Subject line says it all. I'm not even going to be bothered to do a gods-be-damned thing unless I see my identity has been stolen or my bank account has been affected because it's already too gods-be-damned late to do anything about it anyway, and thanks so FUCKING MUCH for that, Equifax, YOU HAD ONE JOB AND YOU FUCKED IT ALL UP!
Unfortunately our usual method for ascertaining identity is based on an assumption of privacy of certain personal information. The loss of privacy represented by this breach is certainly something deserving of our outrage. But all that justifiable outrage is dwarfed by the implications of no longer having a reliable way to establish identity in a mobile and technological society. While there is still time before the stolen information is widely disseminated, we need to use the doomed current system to bootstrap an identity system which does not rely on information privacy. Such a system probably should be based on some kind of multi-factor authentication, including both biometrics and digital tokens.
Just imagine having no way to prove who you are. It is one thing to have an individual identity thief steal your identity. It is another thing altogether for there to be no meaningful way to define your identity. Yes, we all have DNA, and most of us have fingerprints, but if our biometrics are not associated with our digital identities, then our digital identities are up for grabs.
From where I'm sitting, it looks like the fundamental infrastructure of our society is being undermined. I don't how much is due to cyber-attacks by foreign governments, and how much is due to glaring flaws in our systems being exploited by individuals. But I do know that if we don't start recognizing and solving problems aggressively, we are headed for some kind of collapse.
So the answer is to get rid of the deductions.
Personally, I don't favor a flat tax, but rather a linear tax with an offset as well as a flat tax rate, but that *is* a bit more complex.
I think we've pushed this "anyone can grow up to be president" thing too far.
Much as I despise Trump, this is unfair criticism. The IRS has been arrogantly abusive and unresponsive to clear needs for well over a decade...and I'm not sure how much over. It doesn't seem to change when the administration changes.
I think we've pushed this "anyone can grow up to be president" thing too far.
One of these is not like the others.
Gamingmuseum.com: Give your 3D accelerator a rest.
Each of them is not like the others.
This Space Intentionally Left Blank
Let's make all social security numbers, birth dates, and addresses public. That way the financial companies will have to find a better way of verifying the identify of people before it gives them access to large sums of money.