IRS hack: Questions ‘only you know’ easy to answer

Source: National Cyber Security – Produced By Gregory Evans

SAN FRANCISCO – The hackers who got access to over 100,000 personal records through the Internal Revenue Service’s Get Transcript site didn’t need all that much information to break in, say experts. The IRS said Tuesday that cybercriminals used personal data obtained from elsewhere to get into the transcript service, which allows users to view tax account transactions, line-by-line tax return information and wage and income reported to the IRS. To access that information, a legitimate user–or a thief–required a name, Social Security number, date of birth, filing status (single, married, etc) and a street address. Next they needed to answer several personal identity verification questions “that only you can answer,” in the words of the IRS site. These are known as knowledge-based authentication, or KBA, challenges. They came from a service offered by the credit bureau Equifax, according to security writer Brian Krebs. Those included information such as a prior address or phone number or car or home loan information. Users had to supply the correct answer to four such questions. The problem is, that type of data is readily purchased on the Internet underground, where vast databases containing fully built-out portfolios on tens of thousands of people can […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post IRS hack: Questions ‘only you know’ easy to answer appeared first on National Cyber Security.

View full post on National Cyber Security