IRS Breach Shows What Happens to PII After it is Sold on the Black Market
The IRS experienced a breach that is changing the way businesses and consumers think about personal information. Reporters attribute the IRS breach to a crime syndicate in Russia, who used personal information obtained elsewhere to exploit the Get Transcript feature on the IRS website. They successfully exploited 104,000 individuals and filed nearly $50 million in fraudulent tax funds.
“This breach is not just about what this single group is going to do with the information, but what happens when this information gets sold on the black market,” said cybersecurity author Peter Warren Singer to The New York Times. “It’s rare for the actual attackers to turn the information directly into money. They’re stealing the data and selling it off to other people.”
As Singer points out, this breach demonstrates how cyber criminals can take stolen data and exploit an online system to pick the pockets of thousands of consumers. Major data breaches thus far have proven that cyber criminals have the know-how to exploit major retailers’ security systems; this breach proves these criminals have more sophisticated schemes in their back pocket to cash in on the information they’ve stolen without having to find a vulnerability in an organization’s security system.
This is costly to businesses as it highlights the limited control they have on security breaches. Maintaining a healthy, secure system helps businesses avoid data breaches, but cyber criminals are working around secure systems by taking advantage of customers’ personal information. Gizmodo reporter Kate Knibbs calls this a “domino effect.” The way it works is that cyber criminals hack into a business’ system and steal customer data. Using that customer data, which includes name, address, email credentials and Social Security number, cyber criminals can log in to another business to make purchases or otherwise financially exploit a business. The result? A business is hijacked without its security system ever being hacked into. Cyber criminals are finding these workarounds, making their schemes more sophisticated and harder to identify from the outside.
So what exactly can we do to mitigate the risk of these types of breaches? Businesses and consumers must develop better habits and methods to protect their identities online. Password reuse is one of the most damaging habits of consumers. In fact, six out of 10 admit to reusing passwords across multiple sites. Convenience typically wins over security when it comes to interacting online. Businesses must innovate convenient options for consumers to better protect their digital identities. In the meantime, monitoring customer and employee credentials is a business’ best bet for protecting their assets.
How does this breach affect the way businesses handle security? How can businesses and consumers prioritize security over convenience when it comes to protecting digital identities? Let us know what you think on Facebook, Twitter and LinkedIn.