IRS, tax preparers decide to share and share alike


The Internal Revenue Service and private tax preparers are beefing up efforts to limit tax-related identity theft for the 2016 filing season, testing more than 20 new safeguards to protect taxpayers’ information. The IRS, state tax authorities and tax preparation companies will share details about suspicious tax returns as they’re filed, letting tax authorities adjust fraud filters and catch suspicious returns more quickly. Tax preparers also agreed to stricter login requirements to better protect data. The new safeguards mark the latest effort in an information-sharing strategy among the IRS, state tax authorities and the private tax preparation industry to halt a surge in tax refund fraud. So far, 34 states and 20 tax preparation companies have signed on; more are expected to enroll later. “We have never had this level of cooperation or sharing,” IRS Commissioner John Koskinen said. “We will collect (information) in real time, and we will pull it together and share it back out so everyone has access to that information.” Source: The Washington Post

Insurance costs may drive standard operating procedures

Cyber insurance premiums could prove a big driver of Internet of Things standards. Machine-to-machine communication has grown up in separate silos for every industry, but as it expands in the coming years as part of the broader IoT wave, standards could save a lot of cost and effort, speakers at a networking conference said. Having a common approach that works can save IoT vendors from having to reinvent the wheel, said Jim Zerbe, head of IoT product at Neustar, a real-time information services and analytics company. For a long time, machine-to-machine security has relied on industry-specific technologies and “security through obscurity,” resulting in easily hackable systems. Standard, open technologies across industries can attract armies of developers to build strong defenses. Insurers will help to usher in that approach, said Bruce Gustafson, Ericsson’s vice president of government and industry affairs for North America. Cyber insurance is a young business still trying to calculate the risk of a breach, but as it matures, insurers will look for safeguards they can rely on. The idea is that they’ll take to data security standards—the stronger the better—the same way they’ve pushed seat belts and airbags to cut down on auto accident risk. Source: PC World

Dudes, we totally fooled Verizon and AOL

A hacker who claims to have broken into the AOL account of CIA Director John Brennan says he got access by posing as a Verizon worker to trick an employee into revealing the spy chief’s personal data. Using information such as the four digits of Brennan’s bank card, which Verizon easily relinquished, the hacker and his associates were able to reset the password on Brennan’s AOL account repeatedly as the spy chief fought to regain control of it. The documents they accessed included the sensitive 47-page SF-86 application that Brennan had filled out for his top-secret government security clearance. The hacker, who says he’s under 20 years old, said he and two other people worked on the breach. He says they did a reverse lookup of Brennan’s mobile phone number to discover that he was a Verizon customer. Then one of them posed as a Verizon technician and called the company asking for details about Brennan’s account. “(W)e told them we work for Verizon, and we have a customer on scheduled callback,” he said, adding that he was unable to access Verizon’s customer database on his own because “our tools were down.” After providing the Verizon employee with a fabricated employee Vcode—a unique code he says Verizon assigns employees—they got Brennan’s account number, his four-digit PIN, the backup mobile number on the account, Brennan’s AOL email address, and the last four digits on his bank card. They then called AOL and said they were “locked out of our AOL account,” he said. “They asked security questions like the last 4 on [the bank] card and we got that from Verizon, so we told them that, and they reset the password.” AOL also asked for the name and phone number associated with the account, all of which the hackers had obtained from Verizon. Source: MSN News

The question is, are you secure in your security?

F-Secure has released the Cyber Security Stress Test, an online questionnaire to help companies and employees learn more about the kinds of weaknesses that can expose them to data breaches. IT professionals can use the 20-question test to find gaps in their security strategies. A recent F-Secure survey shows that companies are making investments in solutions that are out of sync with their security priorities, creating a situation where they’re exposing themselves to the very risks they want to avoid. The Cyber Security Stress Test covers such topics as endpoint protection, network security, and company roles and policies. The test attempts to provide indicators that IT personnel can use to identify problematic areas in their company’s security. Source: Market Wired

House panel looks at letting hack victims strike back

The House Foreign Relations Committee is looking into legislation that could help American companies retaliate against malicious cyber activity, Rep. Mike McCaul, R-Texas, said. “Right now, one of the laws on the books is it is illegal to hack back … so we are looking at possibly bringing in some legislation that deals with this,” McCaul said. Current policy prohibits U.S. companies from “hacking back,” or otherwise retaliating to cyber attacks, cyber theft and other malicious actions against them. However, McCaul explained that he sees “a growing movement in the private sector for us to legislate in this area.” U.S. companies, he noted, are frustrated at their inability to conduct active network defense. Despite hack-backs being illegal, many U.S. companies do it anyway, “because the rest of the world does it, except for us,” McCaul said. Source: Sputnik News

Apple chief wants that back door closed

Apple’s chief executive officer and the director of the National Security Agency squared off about how much access technology companies should afford U.S. intelligence agencies. Apple CEO Tim Cook asserted his opposition to back doors in data encryption meant to allow intelligence agencies to sneak through, minutes after NSA Director Admiral Michael Rogers acknowledged a balance that needed to be struck between safeguarding user privacy and an ability to identify security threats. Law enforcement and intelligence agencies have argued that access to private data is essential for national security and fighting crime. Technology companies oppose so-called back doors because they compromise user information and may jeopardize their businesses. “You can’t have a back door in the software because you can’t have a back door that’s only for the good guys,” Cook said. Source: Today Online

Sun shines on Sony workers in lawsuit deal

Sony Pictures Entertainment will pay up to $8 million to resolve a lawsuit by employees who claimed their personal data was stolen in a 2014 hacking tied to the studio’s release of The Interview, a comedy set in North Korea. The settlement with the Sony unit and current and former employees was disclosed in papers filed in federal court. Under the deal, Sony will pay up to $2.5 million, or $10,000 per person, to reimburse employees for identity theft losses and up to $2 million, or $1,000 per person, to reimburse them for protective measures they took after the cyber attack. Sony also has agreed to pay up to $3.49 million to cover legal fees and costs, according to court papers. The settlement must be approved by a judge. Source: Reuters

Counting the costs down to the penny

PivotPoint Risk Analytics launched a product that aims to help organizations quantify their cybersecurity risk by gauging how much a breach could cost, including a breakdown of how much additional security controls in areas such as account access, incident response, training and malware defenses could reduce that figure. The product asks about their biggest moneymaking operations and most critical operations, and how business would be affected if specific systems were shut down or data were leaked. Seven cyber insurers have partnered with the company, says Julian Waits, president and chief executive of PivotPoint. If its estimates prove reliable, the product could be a game-changer for the cyber insurance industry, which struggles with underwriting in a nascent field where things such as lost sales, a damaged brand, and liability lawsuits are difficult to quantify. “We can go, ‘Here are the places where they have holes in their security,’ ” Waits says. “If you can spend some money in these areas fortifying yourself, you can lower that risk.” Source: Market Watch

Care services might be caring for the wrong folks

An advocacy group for people with disabilities is working to arrange legal help for individuals concerned about their health information after an alleged data breach involving two licensed home care agencies. Anyone who is or was affiliated with Angels in Your Home as a client or health care aide can contact the Center for Disabilities Rights, CEO Bruce Darling said. “As an advocacy organization, we represent the needs of people with disabilities in general,” Darling said. “We are encouraging … individuals who believe or know their information was compromised, misused or stolen (to contact CDR) so we can coordinate between the impacted disabled individuals and the legal community to make sure that they have representation.” On Sunday, CDR issued a news release alleging that protected health information of clients of Angels in Your Home was taken by the former CEO of that agency and was being used to recruit clients to a new agency, All-American Home Care. Michael Smith, attorney for former Angels in Your Home CEO Marco Altieri, denied the allegations, but declined further comment. Attorneys or representatives for current Angels in Your Home leadership did not respond to voice mail or email messages. Source: The (Rochester, N.Y.) Democrat and Chronicle

Will CISA finally see the light of day?

Senate Majority Leader Mitch McConnell says that a long-stalled cyber bill is next on the Senate’s agenda. “It’s my plan to move to cybersecurity. We have an agreement to get on the bill. We have a number of amendments in the queue,” the Kentucky Republican said. The Cybersecurity Information Sharing Act (CISA) has been stalled for months because of a packed Senate floor schedule and a fight from privacy advocates about the legislation, which is meant to increase the ability to share information on cyber threats between the government and businesses. CISA originally came to the Senate floor earlier this year ahead of the August recess. Lawmakers punted on the legislation but agreed to consider at least 22 amendments with no limit on time when the legislation was brought back up. McConnell, however, added that the Senate could take a vote on final passage of the cyber bill “as soon as next week.” Source: The Hill