If the Internal Revenue Service's Data Retrieval Tool had used end-to-end encryption from the start, the federal government may have been able to avoid a privacy breach that ultimately occurred over the past year.
This tool allowed prospective students to transfer their tax return data to the Education Department for use in loan applications. Earlier this spring, the agency disabled it because identity thieves had used the tool to receive the personal financial data of potentially thousands of taxpayers in an effort to file fraudulent returns.
One of the key lessons from this breach is that deploying default end-to-end encryption should be a priority for all enterprises handling sensitive information, especially the government. Following the president’s recent cybersecurity executive order, which urges federal agencies to “move to the cloud,” properly securing data there is more critical than ever.
Read the full article on Nextgov - All Content