A security breach of the Internal Revenue Service (IRS) that was previously reported during May in which hackers stole tax information of thousands of taxpayers was actually almost three times bigger than the agency reported in the past.
According to the officials at IRS, hackers managed to compromise data of as many as 334,000 taxpayers in an attempt to use those stolen identities to claim falsified tax refunds via the official website of IRS.
Spear Phishing Attack at Pentagon’s Network, Breached 4000 Military Accounts
Previously, in May it was stated that about 114,000 taxpayers personal information was stolen to gain benefit from the IRS Get Transcript program.
It is still not disclosed whether all of the 334,000 taxpayer’s information was breached or not, but the Get Transcript application was already shut down by IRS in May while the authorities continue to strengthen the security of their system.
For those of you who don’t know, Internal Revenue Service had an online program called Get Transcript, using which the taxpayer can claim tax returns. But in order to gain access to the information, the hackers somehow managed to breach the security and able to breach taxpayer’s personal information including their social security number, tax filing status, date of birth, residential address.
“IRS determined unauthorized third parties already had sufficient information from a source outside the tax agency before accessing the “Get Transcript” application. This allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer.”
IRS security experts also believe that the hackers were also trying to gain access to the IRS’s server to retrieve other details about the taxpayers. That information could later help them in claiming fraudulent tax refunds in the near future. But originally, the current information was leaked through other sources, which means personal data of taxpayers are distributed to various areas and remains in an unsecured environment, according to WSJ.
US Citizens Targeted with Ransomware via Fake IRS Tax Return Emails
According to the official statement released by IRS:
“As it did in May, the IRS is moving aggressively to protect taxpayers whose account information may have been accessed. The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to “Get Transcript” taxpayer account information.”
IRS has also begun offering free credit monitoring service as well as IP PIN that can be used for the verification and authenticity of tax filing procedure during the 2016’s tax return program. The notification for the enrollment has already been sent to all the 334,000 affected victims, and they are encouraging all of them to take advantage of this service to further protect their data.
Earlier the government investigators believed that most of the attacks were originated from the Russia-based criminals. But the official statement by IRS didn’t shed any light on the potential source of the security breach.
“The IRS takes the security of taxpayer data extremely seriously, and we are working aggressively to protect affected taxpayers and continue to strengthen our systems.” – IRS statement
And this wasn’t the first time that the fake tax returns were filed by some overseas hackers. During 2013, the government paid near to $5.8 billion in falsified tax returns to the hackers.
Report typos and corrections to firstname.lastname@example.org