The IRS recently announced that the tax information of 104,000 filers was stolen by hackers and used to file false returns. The same thieves attempted to steal tax data from an additional 100,000 filers, but were unsuccessful.
The unauthorized access of records occurred between February and May of 2015, when hackers used the IRS’s “Get a Transcript” web tool to access filers’ tax return transcripts. The hackers had previously obtained social security numbers of these 200,000 filers from other sources. The IRS pointed out that their servers were not hacked, but their online service allowed resourceful thieves to access filers’ information.
This breach is especially alarming because IRS Transcripts contain sensitive information about filers. Specifically, they include much of the information reported to the IRS on 1040 and the supporting forms, such as W-2s. The stolen information was then used to file 36,500 fraudulent tax returns seeking refunds. As many as 13,000 of those phony returns were accepted by the IRS, for a total of $39 million in refunds paid.
The IRS acted after discovering the breach by closing down the “Get a Transcript” tool for individual filers. Filers may still request their transcripts, but must do so by mailing in a completed form 4506. The IRS has not indicated when it will provide the online service again.
Their next step was to notify all 200,000 victims, informing them that their social security numbers and possibly other personal data was stolen. For those 104,000 whose tax information was stolen, the IRS is offering credit monitoring services. These victims will receive instructions to sign up for the credit monitoring note: these outreach letters will not request any personal identification information from taxpayers). In addition, the IRS will continue to monitor those tax accounts.
As always, victims may apply for identity protection numbers to prevent the filing of future returns using their information. Additionally, the IRS plans to strengthen its authentication procedures.
The hackers were able to answer many of the “out of wallet” security questions by using information that can be easily found on credit reports and social media sites like Facebook. As a result, the IRS will use questions that are more difficult to answer.
The IRS plans to employ a more proactive approach to prevent future breaches by partnering with private tax software companies, payroll companies and state agencies to share data on uncovered scams. Congress may act as well and may move up the date that W-2 forms must be filed with the government to January 31. This change would make it more difficult for scammers to e-file fake 1040s.
If you were affected by this breach, you will receive a notice in the mail from the IRS. If you do not receive a notice, we still recommend you access your free credit reports annually and stay vigilant about keeping your sensitive data protected.