Data Breaches

Hackers Target IRS in Attempt to Commit Identity Theft

Written by Jamie White for Symantec

For the second time in less than a year, hackers have targeted the IRS in an attempt to access personal information such as Social Security Numbers (SSNs) for hundreds of thousands of taxpayers.

Having someone’s name and SSN allows an identity thief to file a fraudulent tax return and receive a refund — while identity theft victims are left with a mess that could take months or even years to clean up.

Fortunately, the IRS stopped the attack last month and stated that no personal taxpayer data was compromised or disclosed by IRS systems. The agency first announced the breach in a statement Tuesday.

The automated attack hit the Electronic Filing PIN application on IRS.gov. Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen Social Security Numbers, according to the IRS.

An E-file pin is used in some instances to electronically file a tax return. Nearly half a million unauthorized attempts were made to access taxpayers’ personal information. Of the 464,000 unique SSNs, 101,000 SSNs were used to successfully access E-file PINs.

The IRS said it will notify affected taxpayers by mail if their personal information was used in an attempt to access the IRS application and will also be securing their accounts by marking them to protect against tax-related identity theft.

This incident is not related to last week’s outage of IRS tax processing systems. The IRS was also breached in 2015 — affecting more than 300,000 taxpayers. Criminals used data stolen from third parties — including Social Security Numbers, birth dates and addresses — to access taxpayers’ past returns through the IRS Get Transcript application.

The breached records were used to file fraudulent tax returns, the IRS said. In total, more than 610,000 fraudulent attempts were made to access consumer records through Get Transcript from February through mid-May of 2015, the IRS said, according to a CNBC report.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Start your protection,
enroll in minutes.