IRS Website Hacked 100,000 Tax Accounts Breached

Fact checked
hacked

The Internal Revenue Service was hacked by cyber criminals who managed to successfully steal information on 100,000 tax accounts.

The agency reported on Tuesday that another 100,000 unsuccessful hacking attempts were also made. The hacking attacks appear to have started in February. The IRS’ Criminal Investigation unit is looking into the matter and has shut down the ‘Get Transcript’ application used by the criminals to gain access to the tax information.

The IRS says that their main on-line tax filing system was not breached and remains secure.

USA Today reports:

The hackers got in by taking information about taxpayers they’d acquired from other sources and using it to correctly answer several personal identity verification questions in the IRS’ “Get Transcript” application, the IRS said in a statement.

This allowed them to get information about tax accounts through the application. The information stolen included Social Security information, date of birth and street address.

The Get Transcript application allows users to view their tax account transactions, line-by-line tax return information or wage and income reported to the IRS for a specific tax year. It was used to securely retrieve approximately 23 million taxpayer transcripts last year, the IRS said.

The information the hackers used to get in was probably previously stolen by other hackers who then sold it on the open market, said Rob Roy, chief technology officer of HP Enterprise Security Products.

The hackers who bought it “appear to have hired an army of people to submit over 200,000 queries into the IRS site over a period of four months. Not exactly a quick and easy operation,” he said.

“The matter is under review by the Treasury Inspector General for Tax Administration as well as the IRS’ Criminal Investigation unit, and the ‘Get Transcript’ application has been shut down temporarily,” the IRS said.

The agency will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed.

The theft was discovered late last week when IRS staff noticed unusual activity on the application. Further investigation showed that attempts were made beginning in February.

The breach does not involve the main IRS computer system that handles tax filing submissions. “That system remains secure,” the IRS said.

“The IRS historically has been very security, it has to be by virtue of the data it collects. But it just goes to show that even the most secure system can be attacked,” said Larry Ponemon of the Ponemon Institute, a data security research group.

 

 

Be the first to comment

Leave a Reply

Your email address will not be published.




This site uses Akismet to reduce spam. Learn how your comment data is processed.