IRS Data Breach Impacted More Taxpayers Than Initially Thought

IRS Data Breach Fighting Identity Crimes

Update Feb 29, 2016: On February 26, the Internal Revenue Service released a statement disclosing the findings of their nine-month long investigation into the compromise of their “Get Transcript” web feature.

The investigation revealed that cybercriminals accessed historical tax return documents, which included a plethora of personally identifiable information, from 720,000 individuals.

This is 7x more individuals than initially thought.

Those impacted will be notified via mail and may request an Identity Protection PIN to provide added protection against tax identity theft.

What happened?

On August 17, The Internal Revenue Service (IRS) disclosed that their May 2015 data breach exposed the personal information of 330,000 taxpayers. Initially, the IRS data breach was only projected to have impacted 100,000 individuals.

The IRS data breach occurred when cybercriminals infiltrated one of their online tax systems, “Get Transcript,” from February until its discovery in mid-May. “Get Transcript” provides taxpayers with their historical tax returns, which are typically required when applying for loans or college aid.

The system did not have the proper security measures in place and crooks could easily exploit the service to siphon millions of tax documents. The online access to “Get Transcript” has since been suspended.

These historical tax returns — which hackers now have access to 330,000 of — include detailed personally identifiable information including names, Social Security numbers, bank account information, places of employment, income, personal family information and even “out of wallet” information from cracked password hints (such as a person’s first car or high school mascot.)

These hackers will most likely use this information to file fraudulent tax returns in the future. In 2013, tax refund fraud hit $5.8 billion and that loss is only expected to grow. This crime has a direct impact on not just the individuals whose information was exploited, but taxpayers at large.

The IRS is currently sending letters to impacted individuals, warning them of potential identity theft and offering free credit protection services. Recipients will also receive a special PIN for them to use as an added layer of authentication when filing taxes next year. This is designed to help protect their future filings from fraud.

What should you do?

Due to the sensitive nature of this information, individuals impacted by the IRS data breach should take the following actions to mitigate their risk of identity theft and similar identity crimes.

  • Check your credit report for signs of identity theft
  • Monitor your bank statements regularly
  • Watch for spam or phishing attempts via phone or email
  • Utilize the Electronic Filing PIN provided by the IRS
  • Always file your taxes early

Fighting Identity Crimes will keep you updated as new information becomes available about the IRS data breach. Be sure to subscribe to our blog to stay up-to-date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.