The IRS has announced that over 104,000 taxpayers have had their personal data stolen, including names, dates of birth, and social security numbers, as the result of a data breach last month. The repercussions of this data breach have been severe for those affected, as hackers have already been able to use the stolen past tax returns to submit fraudulent tax returns under their stolen identity and direct the tax refunds to prepaid debit cards. As a result of government data breaches, the IRS has announced that over 200,000 tax returns were received from “questionable” email domains, and it is estimated that 100,000 were able to clear the IRS’ authentication system.

Already, 2015 has seen a substantial increase in cyber-attacks by cyber criminals to steal large volumes of data and credentials. These attacks include theft of users’ credentials—such as passwords, usernames, e-mail addresses—and other forms of Personally Identifiable Information (PII) used by customers, employees, and third parties. User credentials can be stolen in many ways and the cyber-attack taxonomy can be quite confusing. Among them can include:

We often hear from the public sector that web-based attacks that occur at companies like Adobe, Forbes, Sony, or Anthem are not their problem. Public Sector organizations secure their own networks with the best hardware, detection software, and penetration testing, and have in place stringent rules about passwords and top-notch use policies that ensure they are safe. In every case, the security chain is only as strong as its weakest link.

With the ever growing accessibility of personal devices to organizational networks, identity management has never been of higher importance in both the public and private sector. Organizations’ IT networks contain an endless amount of sensitive data, and without proper authentication protocols, this data is at constant risk of breach. In the commercial space, the retailer Target’s breach in late 2013 was a difficult reminder that not addressing cyber risks on every level of your organization can lead to severe ramifications and security compromises.

The Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), was designed to expand the reach of law enforcement on the local, state, and federal levels to combat against cyber attacks.

The Office of the IT Schedule Programs wants to increased visibility and access of cloud services for all federal agencies. Great idea, right? Especially given that most agencies don’t really know how to buy cloud services. But adding a new Special Item Number (SIN) isn’t as easy as you might think; there are many decisions that need to be made and considerations to take into account. In July 2014, a Request for Information (RFI) was released in consideration for creating a new SIN for cloud computing services. After collecting and reviewing the responses, they gathered industry partners together to participate in an Industry Day event to further discuss and receive feedback regarding this new SIN.