IRS leaks 100K taxpayers' data to identity thieves

[Read the post]

Actually, the system doesnā€™t work the way you think it works. Iā€™ve helped clients use it several times. At no point do you store a secret answer for later retrieval. Instead, the system queries TransUnion for secret questions. TransUnion knows everything. For comparison, many financial institutions also use the same system.

5 Likes

If someone steals it, was it leaked?

1 Like

The answer depends on how pedantic you want to be about semantics.

Leaked in the whistleblower sense would not be correct.

However saying that the IRSā€™ system was leaky with a meaning similar to a ā€œleaky boatā€ would be valid. There was a security ā€œholeā€ in the design of the software that allowed private information to flow out of the system in ways it should not have. Without the attackers even needing to break the system or break into the system in any way.

IIRC in some discussions on computer security we do refer to things as leaky. For example ā€˜side-channel leakageā€™ in a side-channel attack.

Most overused word of 2015

Can we have a moratorium on the use of pedantic.

Or is that being to priggish?

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.