After a security event, some Floridians may be forced to reevaluate their finances. Researcher Kamran Mohsen Tells TechcrunchThe Florida Department of Revenue website had an error that allowed hundreds of applicants to see their bank accounts and Social Security numbers. Logging in to the Florida Department of Revenue website can allow you to view, modify or delete personal data. You just need to change the link that links to the application number.
Mohsen stated that there were more than 713,00 applications in the management pipeline when the bug was discovered. The bug was discovered by management optimizer on October 27.
Bethany Wester, representative for the department, stated that the government had fixed the flaw within four working days of the report and that two unnamed companies had deemed the site safe. It stated that there was no evidence that attackers misused the flaw, but did NOT explain how administrators could detect misuse. Within four days of discovering the problem, the agency reached out to each taxpayer by phone or in writing and offered one year of credit monitoring.
These errors, known to be unsafe direct object references (or tort), are relatively easy fixes. This tort may be less severe than other tax-related offenses such as a Healthcare.gov snoopingIn 2018, 75,000 people were hacked. Still, the incident underscores the potential harm from poor security — even exposure on a small scale like this can be used to commit tax fraud and steal refunds.
Engadget recommends products only that are chosen by our editorial staff, and not the parent company. Some stories may contain affiliate links. We may earn an affiliate commission if you purchase something through one these links. All prices correct as of the date of publication.
Source link
[Denial of responsibility! reporterbyte.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – reporterbyte.com The content will be deleted within 24 hours.]
