20 January 2020

Breach at IRS Exposes Tax Returns

The Internal Revenue Service said Tuesday that identity thieves used one of its online services to obtain prior-year tax return information for about 100,000 U.S. households, a major breach of the agency charged with safeguarding taxpayers’ privacy. The agency said cybercrooks used stolen Social Security numbers and other specific data acquired from elsewhere to gain unauthorized access to the tax-agency accounts, beginning in February and continuing through mid-May.

About 104,000 attempts successfully accessed earlier returns, IRS Commissioner John Koskinen said. An additional 100,000 attempts were unsuccessful. The incident, which echoes similar problems earlier this year in some states, highlights the growing risks from cybersecurity breaches to both individuals and the government. It particularly reflects crooks’ ability to carefully aggregate vast amounts of personal data from multiple sources, and plan and execute highly sophisticated schemes.

The agency believes fewer than 15,000 refunds were paid as a result of the frauds, and the total paid out was under $50 million. But in a statement, the IRS said it is possible that some of the stolen tax transcripts were being stockpiled, “with an eye toward using them for identity theft for next year’s tax season.” The IRS said that to access the information, crooks had to clear a multistep authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems.

The information was obtained from an IRS application known as “Get Transcript” that allows taxpayers to access prior-year returns. The thieves then used the data to fashion a fake return for 2014, and requested the IRS send a tax refund to a hard-to-trace debit card. Mr. Koskinen stressed that the penetration was the result of organized crime, not “one-off” hacking. The agency said the matter is under review by the IRS inspector general as well as its Criminal Investigation unit. In addition, the Get Transcript application has been shut down temporarily.

The IRS said it would provide free credit-monitoring services for the approximately 100,000 taxpayers whose accounts were accessed, and it said it would notify the 100,000 or so other taxpayers about the unsuccessful attempts to access their data. The agency’s top leaders sought to emphasize that the breach didn’t involve the IRS’s core accounts, such as its filing system, which remain secure. But some lawmakers were irate, and the long-term impact of the incident on the tax agency—already under fire from Republicans for alleged targeting of tea-party and other conservative groups—could be significant. IRS officials have denied any political motivations behind scrutiny of groups seeking tax-exempt status.

The IRS has said in recent months that funding cuts have hampered its ability to improve fraud detection. Congress has cut the agency’s budget to under $11 billion for fiscal 2015 from more than $12 billion five years earlier. The Obama administration is seeking almost $13 billion for 2016. The troubles with the Get Transcript application echo problems that surfaced this year with some state tax systems. In February, Utah state tax officials found that a few fraudulent 2014 state returns closely resembled 2013 returns. The similarities made the fraud harder to detect and suggested that scammers had access to the taxpayers’ 2013 returns.

Click here to access the full article on The Wall Street Journal.
