For the second time in less than a year, hackers have targeted the IRS in an attempt to access personal information such as Social Security Numbers (SSNs) for hundreds of thousands of taxpayers.
Having someone’s name and SSN allows an identity thief to file a fraudulent tax return and receive a refund — while identity theft victims are left with a mess that could take months or even years to clean up.
Fortunately, the IRS stopped the attack last month and stated that no personal taxpayer data was compromised or disclosed by IRS systems. The agency first announced the breach in a statement Tuesday.
The automated attack hit the Electronic Filing PIN application on IRS.gov. Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen Social Security Numbers, according to the IRS.
An E-file pin is used in some instances to electronically file a tax return. Nearly half a million unauthorized attempts were made to access taxpayers’ personal information. Of the 464,000 unique SSNs, 101,000 SSNs were used to successfully access E-file PINs.
The IRS said it will notify affected taxpayers by mail if their personal information was used in an attempt to access the IRS application and will also be securing their accounts by marking them to protect against tax-related identity theft.
This incident is not related to last week’s outage of IRS tax processing systems. The IRS was also breached in 2015 — affecting more than 300,000 taxpayers. Criminals used data stolen from third parties — including Social Security Numbers, birth dates and addresses — to access taxpayers’ past returns through the IRS Get Transcript application.
The breached records were used to file fraudulent tax returns, the IRS said. In total, more than 610,000 fraudulent attempts were made to access consumer records through Get Transcript from February through mid-May of 2015, the IRS said, according to a CNBC report.