On May 26th the Internal Revenue Service announced that more than 100,000 accounts from the “Get Transcript” application had been accessed by unauthorized individuals (i.e. criminals). The data stolen consisted of Social Security information, dates of birth and street addresses along with prior year tax transcripts. Access to the Get Transcript application has been disabled, but the damage has been done for the more than 100,000 taxpayers that had information stolen.
The IRS has said their systems were not actually hacked, but rather the criminals gained access to individuals’ tax data through personal information already in their possession. One of the many previous breaches of our personal data has left plenty of information in the hands of these less than savory characters. Even though the Get Transcript application requires users to answer several personal questions, the information already floating around out there in the dark corners of the internet allowed these criminals to successfully answer the “challenge” questions that allow people to access prior year tax transcripts.
The bummer about all of this is the inconvenience and headache this will cause those taxpayers who are affected. Additionally, the head of the IRS, John Koskinen, told Congress that up to $39 million has been stolen due to the criminals filing fraudulent tax returns with information obtained from the data breach. The Commissioner also went on to say that these cyber-criminals made about 200,000 attempts to get taxpayer data, so this wasn’t a one time smash and grab attack. To add insult to injury, the Treasury Inspector General J. Russell George told Congress that the IRS had not acted on recommended security improvements that would have made the cyber-criminals attempts more difficult. And oh yeah – the IRS is also running 19-year old security software and still runs Windows XP. Microsoft stopped supporting Windows XP a year ago and it has been wide open to hacking attacks ever since.
The IRS will be sending letters to the approximately 200,000 taxpayers whose accounts had attempted unauthorized accesses. For the more than 100,000 taxpayers whose accounts were accessed, the IRS will be offering free credit monitoring. Affected taxpayers will also have will have additional flags on their IRS accounts to hopefully detect any potential fraud.