104,000 TAXPAYERS’ RECORDS NOW IN THE HANDS OF HACKERS

Friday, June 05, 2015

Original Article:  www.washingtonpost.com. 5/26/15. "Hackers Stole Personal Information from 104,000 Taxpayers IRS says".   Lisa  Rein and Jonelle Marte

On Tuesday, May 26, 2015, IRS Commissioner John Koskinen announced a security breach of IRS computers and that nearly 104,000 taxpayers have become victims of a new, sophisticated identity theft scheme involving the IRS’s online "Get Transcript" application.  The breach was discovered earlier in May while IRS was investigating a suspected denial-of-service attack on the application. Their investigation revealed that a large number of suspicious domains had been used to access an unexpectedly high volume of tax transcripts. It was ultimately determined by the IRS that organized criminals had been successful in accessing the transcripts of an estimated 104,000 out of approximately 200,000 attempts.  Consequently, the IRS has disabled the online application and is taking aggressive steps to warn the affected taxpayers.

"We have detected and determined that there was unauthorized access to our Get Transcript application that ran from February to May," Koskinen told reporters. "To try to get through to get that transcription, the criminals had to already have stolen Social Security numbers, names, addresses and other personal identifiers available. Then they had to have enough personal information for each taxpayer to get through the so-called personal related questions―the so-called auto-wallet questions."

The 104,000 downloads represents only a small fraction of the 23 million successful downloads through the Get Transcript application that occurred during the 2015 filing season. Furthermore, Mr. Koskinen estimated that the 104,000 downloads would result in about 15,000 false tax return filings and that no money had been paid out in fraudulent refunds.  According to Mr. Koskinen, IRS would release the actual figures as soon as it discovers them.  Additionally, Mr. Koskinen stressed that the data breach had affected the Get Transcript application only and that the basic tax filing system used by 150-million taxpayers was unaffected.

Informing the 200,000 taxpayers whose transcripts were downloaded (or nearly downloaded) and that identity theft criminals have uncovered a large volume of their personal information is a top priority at the moment. The highly sensitive information obtained would include Social Security numbers, names, current and past addresses, car ownership histories, high school mascots, places of marriage and other information commonly used to authenticate identity. In addition to sending letters to these taxpayers, the IRS will provide free credit monitoring services to the 104,000 taxpayers whose accounts were actually accessed, Koskinen promised. "We greatly regret that this additional information is available to criminals," he said.