Lockbit says it has hit eFile.com, again

by DTM | Posted on

American online tax filing platform, eFile.com, appears to have suffered (yet another) ransomware attack.

Earlier this week, ransomware operators LockBit added the company to their extortion site, threatening to leak the files stolen during the raid, The Register reports. However, the company has not yet confirmed, nor denied, the attack.

Therefore, we don’t know if the attack even occurred, and even if it did – what kind of data the hackers stole, who was affected, and how many people are at risk.

Tax season

eFile.com is not a government organization, and is not affiliated with the Internal Revenue Service (IRS) in any way. It is a private, commercial, online tax filing platform that allows users to prepare and e-file their federal and state tax returns electronically. It offers both free and paid options, and comes with a user-friendly interface and step-by-step guidance to simplify the tax filing process. It is, however, authorized by the IRS to run its business.

Cybercriminals are no strangers to attacking the IRS, or other businesses adjacent to tax obligations. However, the attacks usually occur during the tax season (between early January and mid-April in a year), since in that period hackers have a solid chance of not being spotted quickly. Most of the time, the crooks would impersonate the IRS and send out phishing emails to their victims, to get them to either install malware, or share sensitive information.

In some cases, the crooks would obtain so much PII that they would steal a person’s identity and file their tax returns, essentially stealing money from them.

This attack, having happened outside tax season, raises many questions. The Register, for example, suspects the crooks might be recycling data from a 2022 breach. They could also be straight-up lying, in an attempt to regain some fame after being disrupted by law enforcement.

Via The Register

More from TechRadar Pro