On May 27, the Internal Revenue Service revealed a massive IRS application data breach of confidential taxpayer information that could result in serious identity theft and tax fraud. Cyber criminals used taxpayer-specific information to gain access to approximately 100,000 taxpayers’ accounts. Breaching the security wall of the online application of the IRS’s Get Transcript website. While the investigation continues and cyber security concerns are addressed, the Get Transcript app has been shut down.
IRS Application Data Breach
The information was stolen as part of an elaborate scheme to claim fraudulent tax refunds, IRS Commissioner John Koskinen told reporters. “We’re confident that these are not amateurs,” Koskinen said. “These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with.”
According to the Internal Revenue Service statement, IRS investigators now believe the cyber criminals obtained the taxpayer-specific information used in the breach from external sources. Such stolen information enabled the cyber criminals to breach the Get Transcript authentication process. IRS employees noted unusual activity taking place with the Get Transcript app, and the resulting investigation led to the discovery of the data breach.
Hacking = IRS Application Data Breach
The hacking involved over 200,000 attempts to access the Get Transcript app with the information of over 100,000 taxpayers being compromised in the process. Although accessible through the IRS.gov website, the Get Transcript app is not hosted on the IRS federal servers and data system. The Internal Revenue Service wanted to reduce any greater concern, promising taxpayers the filing submission system on their servers remains intact.
In a strong response to the theft, Sen. Orrin Hatch, R-Utah, chairman of the Finance Committee, said, “When the federal government fails to protect private and confidential taxpayer information, Congress must act. Taxpayers deserve to know what happened at the IRS regarding the data theft, and this hearing will be the first step of many that the committee takes to determine what happened and how the government can prevent such attacks from happening again.”
Investigation of IRS Application Data Breach
The IRS Application Data Breach is being investigated by both the Treasury Inspector General for Tax Administration (TIGTA) and the IRS’s Criminal Investigation unit. The IRS will notify all 200,000 taxpayers whose accounts were the targets of the unauthorized access attempts, including the over 100,000 who had their information compromised. The taxpayer alert letters will start going out by the end of the month, although it remains unclear if they will distinguish between the successful and the unsuccessful breaches.
