Last week, the IRS announced that another 390,000 taxpayer accounts had been identified as potentially accessed by thieves who hacked into its systems, bringing the total number of accounts affected to around 724,000. The initial breach was discovered last May and occurred when criminals used the IRS’ Get Transcript online application to access personal data for some taxpayers.
The IRS has said it will notify taxpayers whose accounts may have been affected, allowing them to request identity protection personal identification numbers for more secure tax filings, offering free credit report fraud monitoring for a year and more closely scrutinizing returns with those Social Security numbers.
The IRS is not the only government agency to suffer this kind of cyberattack. A 2015 hack of Office of Personnel Management data exposed the personal information of 22 million current and former federal employees. Although security is often cast as a largely technical problem, employees are often the weakest links. For instance, in a State Department hack reported in 2015, an employee reportedly clicked a malicious link within a phishing email. After the malware was downloaded to the employee's computer, the attackers penetrated networks across the U.S. and in foreign locations, including embassies.
Hacking of U.S. government electronic systems is a near-constant threat. Attacks allegedly come from criminal gangs in Russia and Central and Eastern Europe, often seeking financial information from systems like the IRS’ system, which holds personal data on hundreds of millions of taxpayers. Other cyberattacks can come from skilled foreign operatives, such as hackers allegedly working for the Chinese government, trying to extract high-value intellectual property or gather intelligence.
While these attacks on government systems garner large headlines, cybercrime is not confined to these types of institutions; it is becoming widespread. It is a significant threat to CPA firms and their clients as well. For CPAs and other businesses, the loss of client or customer information and employee records to a cyberattack can cost millions of dollars and do significant harm to reputation and image.
The total average cost of a data breach in 2014 was $3.8 million, up from $3.5 million the prior year, according to a study by the data security research organization Ponemon Institute, paid for by International Business Machines Corp. The direct costs of a data breach include hiring experts to fix the breach, investigating the cause, setting up hotlines for customers and offering credit monitoring for victims. Business lost because customers are wary after a breach can be even greater, the study said.
CPAs need to make sure they are taking appropriate steps to minimize their chances of being attacked and hacked. Investing in preventative measures is far less costly than dealing with the aftereffects of a data breach.
AICPA has recently created a new Cybersecurity Resource Center for CPAs. You can visit the Resource Center to access cybersecurity news and information, including resources from the AICPA Information Management and Technology Assurance’s Cybersecurity Task Force.
You can visit the AICPA Cybersecurity Resource Center at:
This is great information that every business should be made aware of so that they can take the proper protections to ensure their data against cybercrime. As you mentioned, phishing scams are just as big of a threat to data as cyber attacks. In fact, the IRS has reported an alarming 400 percent surge in phishing and malware incidents in the 2016 tax season alone, requiring taxpayers to be more vigilant than ever. I recently wrote an article that goes into detail about IRS imposter scams and what people should do in order to protect themselves from them. You can read it here if you like: http://www.sagiss.com/blog/why-cybercriminals-love-tax-season . Cheers!
Posted by: SagissIT | 06/22/2016 at 12:07 PM