BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

IRS Says Identity Thieves Accessed Tax Transcripts For More Than 100,000 Taxpayers

Following
This article is more than 8 years old.

The Internal Revenue Service (IRS) announced today that identity thieves have illegally accessed tax information for more than 100,000 taxpayers with unsuccessful attempts made on approximately 100,000 additional taxpayer accounts. IRS Commissioner John Koskinen delivered the news at a hastily arranged press conference this afternoon. The urgency, he indicated, was to alert taxpayers to the breach.

The unauthorized access to records occurred using the “Get Transcript” application, previously available on the IRS website. As a result, the transcript application was taken down late last week and will remain down until the problem is resolved. Currently, the message on the IRS website reads:

The online Get Transcript service is currently unavailable. Transcripts may still be ordered using the Get Transcript by Mail service. We apologize for any inconvenience.

Transcript services can still legitimately be accessed by mail using the form 4506 series.

The unauthorized access of taxpayer information occurred from February to May 2015. Identity thieves used the application to access previous taxpayer filings, dating back as much as five years.

To access the site, identity thieves must have had access to previously stolen Social Security numbers and other personally identifiable information, including so-called “out of wallet” information like cars a taxpayer purchased, high school mascots and spouse names. That information, Commissioner Koskinen indicated, is often found in databases compiled by criminals from a number of sites, including social media. This data gleaning - from both credit bureau records and social media sites like Facebook - isn't new. You can read more about "out of wallet" information, including here.

Commissioner Koskinen noted that the transcript application had 23 million successful downloads from legitimate taxpayers this year. However, IRS has identified attempts made on accounts of more than 200,000 taxpayers as coming from sources other than legitimate taxpayers. Of those, about half, or 104,000, were successfully accessed by identity thieves. The information gleaned from those transcripts is generally used to obtain bogus tax refunds. At this point, IRS believes that the percentage of bogus tax refunds issued as a result is small, with no more than about 15,000 bogus tax refunds issued totaling no more than $50 million. However, Commissioner Koskinen cautioned that the bigger concern for the affected taxpayers was that their information might be used for other illegal purposes, including other financial crimes.

The 200,000 taxpayers who were affected, including those whose accounts were not successfully accessed, will be notified by the IRS by letter. Although roughly 100,000 of those taxpayers did not actually have their transcript accessed because the thieves could not get past the screens, the IRS is proactively alerting those taxpayers.

Taxpayers whose accounts were accessed will be offered credit monitoring services. Taxpayers will receive specific instructions so they can sign up for the credit monitoring: these outreach letters will not request any personal identification information from taxpayers. In addition, the IRS will continue to monitor those tax accounts for potential refund theft issues.

Taxpayer letters will be mailed out starting later this week and will include additional details for taxpayers about the credit monitoring and other steps. If you don't receive a letter, you don't need to worry: at this time, no action is needed by taxpayers outside these affected groups.

The IRS was careful to highlight that these account breaches were not tied to other IRS applications or account information. In other words, the IRS computer and related systems were not compromised or hacked and taxpayer services have otherwise not been affected.

Clearly, this was not small time thievery. Commissioner Koskinen noted that the level of attack suggests that access to the transcript application was accomplished by sophisticated criminals who had access to prior taxpayer information. This has been a common theme for identity thieves, thought to be tied to organized crime.

IRS was alerted to the problem when its monitoring systems noted an unusual amount of activity related to the application. At first, Commissioner Koskinen said, IRS thought it was a denial-of-service (DoS) attack. That turned out not to be the case.

Criminal investigations are ongoing. Additionally, the matter is under continuing review by the Treasury Inspector General for Tax Administration and IRS offices.

 

Follow me on Twitter or LinkedInSend me a secure tip