Agency sends warning to 200,000 taxpayers, half of whom will be credit monitored.
The Internal Revenue Service on Tuesday announced that a website application feature for retrieving past tax returns had been exploited by likely cybercriminals, exposing thousands to what IRS Commissioner John Koskinen called “a variation of identify theft.”
In a conference call with reporters, Koskinen said criminals from February to mid-May used taxpayer-specific data acquired from non-IRS sources to successfully gain unauthorized access to the agency’s “Get Transcript” feature. The intruders gained information on some 100,000 tax accounts, including Social Security information, dates of birth and street addresses.
An additional 100,000 accounts showed evidence of attempts to gain illegal access.
The agency is sending letters to all 200,000 potential victims of the development and will provide credit monitoring of the 100,000 actual victims at government expense. The agency has also taken offline the “Get Transcript” feature. Taxpayers seeking copies of past returns for purposes, such as applying for a mortgage, must use the U.S. mail or visit an IRS office.
The IRS described the intrusions as “sophisticated” and “complex.”
“Obviously, this is not easy to stop since we’re dealing with people who are buying a lot of equipment and hiring sophisticated people,” said Koskinen, adding that 80 percent of identify thefts are committed by organized crime, here and abroad.
Indications are that the attackers may have used social media to compile personal information on taxpayers, which was then used to successfully make it through a multistep authentication process, according to the IRS. Precise information such as a taxpayer’s high school mascot or place of marriage -- which are typically asked of users to prove they are who they say they are -- might be obtained through social media and placed in a massive database, he said.
The IRS said the agency’s main computer system that handles tax filing remains secure and that no other systems were involved.
The agency said the incident is under criminal investigation.
Nextgov’s Jack Moore contributed to this report.
(Image via Creativa Images/ Shutterstock.com)