Cyberthieves hacked into the “Get Transcript” service on the Internal Revenue Service website and gained access to information from more than 100,000 taxpayer accounts, the IRS said Tuesday. The stolen data included Social Security numbers, street addresses and dates of birth.
The criminals used data obtained from other sources to steal tax forms full of personal and financial information on 104,000 taxpayers. The IRS said the hack occurred from February through mid-May. The IRS first detected unusual activity last week.
The “Get Transcript” service has been temporarily shut down. It provides a fairly easy way for taxpayers to download years’ worth of tax forms which are sometimes requested when applying for a mortgage or seeking college financial aid. During this filing season, taxpayers successfully and safely downloaded a total of approximately 23 million transcripts.
Identity Theft is Likely Goal of Thieves
IRS Commissioner John Koskinen said the thieves’ likely intent is to collect huge amounts of personal information that can be used to open bank accounts, credit lines and steal tax refunds in the future.
The IRS said “it’s possible that some of these transcript accesses were made with an eye toward using them for identity theft for next year’s tax season.”
The thieves “gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer,” the IRS said in a statement.
IRS Mailing Letters to Affected Taxpayers
The IRS said it is sending letters to “all of the approximately 200,000 taxpayers whose accounts had attempted unauthorized accesses.” Although half of these taxpayers did not actually have their transcript account accessed because the thieves failed the authentication tests, the IRS is still taking the additional step to alert them. “That’s because malicious actors acquired sensitive financial information from a source outside the IRS about these households that led to the attempts to access the transcript application,” the IRS said.
That means all 200,000 victims could be identify theft targets.
The IRS said it is offering free credit monitoring for the approximately 100,000 taxpayers whose Get Transcript accounts were accessed to ensure “this information isn’t being used through other financial avenues.”
IRS: “Taxpayers will receive specific instructions so they can sign up for the credit monitoring. The IRS emphasizes these outreach letters will not request any personal identification information from taxpayers. In addition, the IRS is marking the underlying taxpayer accounts on our core processing system to flag for potential identity theft to protect taxpayers going forward — both right now and in 2016.”
The IRS emphasized that the hack only involved the Get Transcript application. The agency said it did not involve other IRS systems, such as core taxpayer accounts or other applications, such as Where’s My Refund.