14 DAY TRIAL // The United States Internal Revenue Service (IRS) has suffered a data breach in which the personal details of 20,000 employees have been exposed. The incident is a result of an employee mishandling an unencrypted thumb drive, not a malicious attack from outside the organization.
In a statement regarding the incident, the IRS has revealed that the thumb drive contained the details of employees. The information dates back to 2007 or earlier. No taxpayer information has been exposed and the IRS is confident that this has been an isolated incident.
“The incident stems from an employee's use of an unencrypted thumb drive and does not involve a third-party breach of any of our systems. This was not a problem with our network or systems, but rather an isolated instance. We are working cooperatively with TIGTA, as it continues its review of this matter and will take appropriate action,” the IRS stated.
“At this point, we have no direct evidence to indicate this personal information has been used for identity theft or other inappropriate uses. The IRS strongly believes this situation could not occur in today’s environment, because starting in 2008 we added automatic encryption for any external portable devices attached to our systems.”
IRS Commissioner John Koskinen has provided Reuters with additional details regarding the breach. Koskinen has revealed that the employee in question plugged the unencrypted USB drive into his home network.
This might have made the data on the drive accessible to third parties. A possible scenario is one in which the computer to which the drive was connected contained malware that could have stolen the data.
The exposed information includes names, social security numbers and addresses of current, former and contracted employees. It’s uncertain if any action has been taken against the individual who plugged in the thumb drive on his home computer.
Another insider breach that made a lot of headlines these days is the one that impacted British supermarket chain Morrisons. However, the Morrisons breach is far more serious since it has affected a total of 100,000 employees.
Someone with access to payroll data is said to have stolen the information and posted it on a website. The incident came to light after someone copied the data and sent it to a newspaper.
One employee has been arrested in connection with the incident. It’s uncertain what might have driven the individual to expose the details of so many people.