An attack by hackers who stole sensitive personal information from thousands of taxpayers was far more widespread than the Internal Revenue Service (IRS) first disclosed, officials have revealed as they released new estimates that 610,000 Americans were affected by the breach. The revelation more than doubles the number of estimated victims of the breach. The hackers were able to clear security screens requiring the person’s Social Security Number, date of birth, tax filing status and street address.
The IRS reported in May that the cybercriminals had used stolen Social Security numbers and information they got elsewhere to try to gain access to old tax return information for about 225,000 households. Reportedly, that included about 114,000 successful attempts and 111,000 unsuccessful ones. An “extensive review” of the 2015 filing season uncovered a far wider breach – an additional 390,000 affected taxpayers, including about 220,000 additional households “where there were instances of possible or potential access” to prior-year return data, the IRS said in a statement.
The new numbers also include about 170,000 additional “suspected attempts that failed to clear the authentication processes,” meaning the hackers failed to clear a security screen that required them to know more information about the taxpayer. The IRS said in a statement:
The IRS is moving immediately to notify and help protect these taxpayers. The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for ‘Get Transcript,’ including by enhancing taxpayer-identity authentication protocols.”
“Get Transcript” is the online service the IRS uses to give Americans access to their past tax returns. The hackers used the service as their entry point, using questionable e-mail domains. IRS officials said the cybertheft was part of a sophisticated scheme to get as much information as possible about the taxpayers, then use stolen identities to claim fraudulent tax refunds. In all, the thieves used personal information from about 610,000 taxpayers in an effort to gain access to old tax returns.
Officials said they are notifying all potential victims and offering them free credit-monitoring services. The agency also is offering to enroll potential victims in a program that assigns them a special ID number that they must use to file their tax returns. The IRS believes the thieves started targeting the website in February. The IRS hasn’t identified a potential source of the crime. But in May, it said it believes the identity thieves are part of a sophisticated criminal operation based in Russia. The “Get Transcript” website was shut down in May and is still not back up. About 23 million transcripts of past tax returns are legitimately downloaded each filing season, officials said.
The IRS has since added safeguards to prevent similar schemes, but Commissioner John Koskinen has said repeatedly that it is hard for the agency to stay ahead of the criminals. The IRS estimates it paid out $5.8 billion in fraudulent refunds to identity thieves in 2013. That’s a shocking number and it is very clear that the government has lots of catching up to do in its effects to safeguard public information.
Source: Washington Post
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.