IRSのオンラインサービスで納税証明(transcript)のダウンロードが出来るんだけど、そのサービスが攻撃対象。
In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems. The multi-layer process also requires an additional step, where applicants must correctly answer several personal identity verification questions that typically are only known by the taxpayer.
いやしかし、「前の住所」とかその気になればネットで調べられると思うけど、それを"sophisticated effort"とか。。。セキュリティの意識が低すぎな気がするなぁ。
まあなんでこの記事をエントリーにしようかと思ったかといえば、最近自分でこの"Get Transcript"を銀行のローン申請のために使ったんで。
The IRS temporarily shut down the Get Transcript application last week after an initial assessment identified questionable attempts were detected on the system in mid-May. The online application will remain disabled until the IRS makes modifications and further strengthens security for it.
このアタックのせいでオンライン納税証明申請は無効に。これがescrow中に起きなくてほんとよかったかも。