The IRS has announced that identity thieves illegally accessed tax information for more than 100,000 taxpayers between February and May of this year. In a press conference held this week, IRS Commissioner John Koskinen said that thieves were able to use the “Get Transcript” application to illegally access taxpayers’ filings from the past five years. The agency discovered that “about 200,000 attempts were made from questionable email domains, with more than 100,000 of those attempts successfully clearing authentication hurdles.” Identity thieves would have needed access to previously stolen Social Security numbers and other personal information, which is often collected from social media sites like Facebook.
“We’re confident that these are not amateurs,” Koskinen said. “These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with.” Identity thieves often use stolen information in order to claim fraudulent tax returns, and Koskinen believes that up to $50 million may have been paid out in bogus tax refunds as a result of this data breach. The agency asserts that their primary computer system was not breached, and has temporarily disabled the “Get Transcript” application to prevent further attacks.
The IRS will be mailing out letters to the taxpayers whose accounts have been breached, offering further information as well as offers of credit monitoring services to help prevent further misuse of the stolen data.