The IRS Attacked by Hackers

01 Jun 2015

An IRS breach provided hackers with information on over 100,000 taxpayers, according to the Internal Revenue Service press release on Tuesday, May 26, 2015. IRS officials claim thieves broke into its “Get Transcript” system, which has been temporarily shut down after over 200,000 questionable attempts to gain access were identified. The online application will remain disabled until the IRS makes modifications and further strengthens security for it. “In all, about 200,000 attempts were made from questionable email domains, with more than 100,000 of those attempts successfully clearing authentication hurdles,” the agency said following an initial review. “During this filing season, taxpayers successfully and safely downloaded a total of approximately 23 million transcripts.” The IRS said thieves targeted the system from February to mid-May. Information stolen included tax return transcripts and other personal information on file with the IRS.

In order to gain access to each taxpayer’s information, the thieves would have needed sufficient information about the taxpayer, which they likely acquired from outside sources including recent data breaches. Having information such as the taxpayer’s Social Security number, date of birth, tax filing status, and street address allowed them to bypass personal security questions or “out of wallet questions.“ “The IRS notes this issue does not involve its main computer system that handles tax filing submission; that system remains secure,” the agency said in a statement. IRS Commissioner John Koskinen, during a conference call with reporters Tuesday, pointed out that this is not technically a security breach since the IRS’ systems are still secure, but rather it is a modified form of identity theft, as criminals are impersonating taxpayers in order to steal their information.

Tax returns include a host of personal information that can help someone steal an identity including income numbers and birth dates of dependents and spouses. However, the IRS stated the thieves appeared to already have a lot of personal information about the victims since they were able to bypass the security verification questions. The IRS will be notifying taxpayers whose information was accessed and offering free credit monitoring for the approximately 100,000 taxpayers whose “Get Transcript” accounts were accessed. This will help taxpayers to ensure that their information is not being exploited through other financial avenues.

Theft of private, personal, and confidential information is a global epidemic. Unfortunately, no one is immune to it, nor can individuals or companies entirely protect themselves from it. In the U.S. Government Accountability Office’s (GAO) Nov. 29, 2012 report titled “Identity Theft: Total Extent of Refund Fraud Using Stolen Identities Is Unknown,” the GAO disclosed the results of its study into identity theft issues at the Internal Revenue Service. During the first three quarters of 2012, the IRS identified 642,000 incidents of identity theft. This was already a staggering amount in 2012 as it indicated a 265 percent increase from 2011. According to the GAO report, situations like this arise because “identity thieves can obtain a legitimate taxpayer’s name and Social Security number (SSN) in a variety of ways. They can obtain identity information by hacking into a computer system or paper files at one of the many entities that use names and SSNs in their records (e.g., employers, schools or financial institutions). Armed with the stolen identity, the thief can then file a fraudulent tax return seeking a refund.”

It was announced on Friday, May 29, 2015 that the FBI has opened an investigation into the recent data breach at the Internal Revenue Service. The FBI’s probe will supplement a current investigation by the IRS criminal division and provide additional resources in what can only be described as a global identity theft epidemic. The FBI advised that people contacted by the IRS should take the necessary steps to monitor and safeguard their online presence and information. Any suspicious activity should be reported to the FBI. We, here at Cerini and Associates are closely monitoring the development of this incident. If you have any questions regarding this matter, please contact us at your earliest convenience.