recommended reading

IRS Says Cybercriminals Nabbed Info on 100K Taxpayers

Creativa Images/

The Internal Revenue Service on Tuesday announced that a website application feature for retrieving past tax returns had been exploited by likely cybercriminals, exposing thousands to what IRS Commissioner John Koskinen called “a variation of identify theft.”

In a conference call with reporters, Koskinen said criminals from February to mid-May used taxpayer-specific data acquired from non-IRS sources to successfully gain unauthorized access to the agency’s “Get Transcript” feature. The intruders gained information on some 100,000 tax accounts, including Social Security information, dates of birth and street addresses.

An additional 100,000 accounts showed evidence of attempts to gain illegal access.

The agency is sending letters to all 200,000 potential victims of the development and will provide credit monitoring of the 100,000 actual victims at government expense. The agency has also taken offline the  “Get Transcript” feature. Taxpayers seeking copies of past returns for purposes, such as applying for a mortgage, must use the U.S. mail or visit an IRS office.

The IRS described the intrusions as “sophisticated” and “complex.”

“Obviously, this is not easy to stop since we’re dealing with people who are buying a lot of equipment and hiring sophisticated people,” said Koskinen, adding that 80 percent of identify thefts are committed by organized crime, here and abroad.

Indications are that the attackers may have used social media to compile personal information on taxpayers, which was then used to successfully make it through a multistep authentication process, according to the IRS. Precise information such as a taxpayer’s high school mascot or place of marriage -- which are typically asked of users to prove they are who they say they are -- might be obtained through social media and placed in a massive database, he said.

The IRS said the agency’s main computer system that handles tax filing remains secure and that no other systems were involved.

The agency said the incident is under criminal investigation.

Nextgov’s Jack Moore contributed to this report.

(Image via Creativa Images/

Threatwatch Alert

Network intrusion

Pizza Hut Website, Mobile App Burned by Hackers

See threatwatch report


Close [ x ] More from Nextgov