Cyberthieves looking for Social Security numbers and other key personal information hit the jackpot, which is bad new for hundreds of thousands of Americans. The thieves gained access to online information from the U.S. Internal Revenue Service (IRS) on taxpayers.
According to the IRS, the data breach affected an estimated 104,000 taxpayers. The criminals targeted and gained access this spring to the Web site the agency uses to give people ready access to tax returns and supporting information on file from previous years.
The IRS has a system called “Get Transcript” for people to gain access to previously filed returns. The site employs a security screen that asks for the primary taxpayer’s Social Security number (SSN), address, birthdate, tax filing status and other personal data. “Get Transcript” is used when people are applying for loans, filing financial aide information for college and other reasons for readily pulling old numbers together.
The IRS data theft differs from those experienced by large retailers in recent years because it did not involve a computer hack. IRS Commissioner John Koskinen told reporters today that the criminals had to have the personal identifiers available to get to the information on each taxpayer whose data was hacked. He referred to the breach as a “modified form” of the identify theft. He also indicated that the cyberthieves would have needed so-called “out of wallet” data on the people whose information was access. These things, like a high school mascot, can often be obtained from individuals’ social media accounts. So the hackers clearly spent a lot of time setting up their breach.
In fact, the IRS and other government agencies involved in the investigation have determined that the criminals made about 200,000 attempts to access the “Get Transcript” site from various questionable e-mail domains this spring. Approximately half of those attempts were successful, which correlates with the 104,000 files they estimate were breached.
Only a small fraction of tax files were illegally accessed and the IRS believed that the data theft was intended to use taxpayers’ information to submit fraudulent returns next year. They emphasized that there are approximately 23 million transcripts of past tax returns that were legitimately downloaded from the site, officials said. The IRS has temporarily shut down the system and will send notification letters to affected taxpayers this week offering free credit monitoring and protection.
The IRS believes that the data breach is not related to the sharp rise in suspicious tax fillings they noticed this sprint. The agency and state tax authorities have indicated that tax fraud jumped by as much as 3,700 percent this year. The fraud spike grabbed the attention of the FBI, regulators and Congress.
When some state tax personnel noted the use of information from previous tax years in the fraud, fingers were pointed at Intuit, the maker of TurboTax, which then temporarily halted the transmission of state tax returns. Intuit later rolled out additional security measures to make it harder for people to take over customers’ accounts by requiring users to enter a code if the account is accessed from a new computer or mobile device.
Filing taxes online and being able to access the information quickly later is a great convenience. But the fact that thieves were about to access some taxpayer information from the IRS, even a small amount of taxpayers, shows the need for shoring up cyber defenses.
By Dyanne Weiss
Washington Post: Hackers stole personal information from 104,000 taxpayers, IRS says
New York Times: Breach Exposes I.R.S. Tax Returns
Fox Business: IRS: Data Thieves Gain Access to 100,000 U.S. Taxpayers’ Information