Hacker attack on IRS records much bigger than first estimate

  • 18 August 2015
  • NormanL
Hacker attack on IRS records much bigger than first estimate

In the spring, we learned the hackers broke into the IRS computer system and obtained access to around 100,000 taxpayers accounts. That number has soared to more than 300,000. And it may get much worse:

...the IRS is now acknowledging that the number of affected taxpayers is more than three times the agency’s initial estimate. And the number of affected taxpayers may continue to grow as the agency digs into logs of hundreds of thousands of connections to its Get Transcript application over the past year. Today, the agency announced that there were, in total, more than 600,000 suspicious attempts made to create user accounts on the transcript system using what appears to be stolen personal identifying information from recent credit card breaches and other corporate hacks; more than 300,000 of those attempts succeeded.

The IRS still runs the transcript service through the mail. But that's not much more secure than its online portal:

...it’s still possible to obtain tax transcripts through mail by sending a letter with a Social Security number, date of birth, and address from the most recent tax return—so fraud remains possible using stolen data, albeit at snail-mail rates.

IRS officials said that credit protection would be offered to taxpayers whose accounts were exposed. The full brunt of the attack may not have been felt yet. While several thousand fraudulent tax returns were filed for 2015, officials said they believed the attackers were gathering data for the 2016 tax season. So remember—file early.

Has anyone been held accountable at the IRS for this enormous security lapse? Not yet.