IRS Quickly Subdues Hackers in Recent Attack

IRS Efile Data Breach

What happened?

The Internal Revenue Service said Tuesday it recently identified and halted a cyber attack against their Electronic Filing Personal Identification Numbers (E-file PIN) application on

This is the second cyberattack against the IRS in the past year.

Cybercriminals used malware to execute their attack; automatically generating E-file PINs using previously stolen Social Security numbers. Their end goal was to access enough taxpayer data that they could file tax returns in their victims’ names.

E-file PINs are used in some instances to electronically file tax returns. They are not the same as Identity Protection Personal Identity Numbers (IP PIN), which are used by tax identity theft victims to prevent further fraudulent filings in their name.

The IRS’ initial investigation identified unauthorized attempts involving approximately 464,000 unique Social Security numbers. More than 100,000 of these attempts were successful in accessing a correct E-file PIN.

Despite this unexpected barrage, the IRS insists thieves used Social Security numbers previously stolen from outside sources and that no taxpayer accounts were compromised, as identity thieves would usually require far more data than an E-file PIN to file a fraudulent return.

Individuals linked to the 100,000 E-file PINs that were successfully breached will receive an official notice from the IRS, likely via U.S. postage. The IRS is also marking these breached accounts to protect them against tax identity theft.

The IRS will continue to monitor their web application for signs of compromise.

What should you do?

File early
Beat identity thieves to the punch by filing your taxes as soon as possible. If a thief files first, you’ll have to wait for the IRS to investigate the matter before you receive your refund.

Be wary of IRS requests — especially via email
There are currently numerous tax-related phone scams and phishing emails targeting consumers. Many demand immediate payment or threaten legal action from local law enforcement — two things the IRS will never do.

One such phishing email directly references tax PINs and includes a malicious Word document that infects recipients’ devices with a NanoCore Trojan, a form of malware that gives hackers nearly full control of your device.

Never reply to, forward or click on links within any suspicious emails, especially if they appear to be from the IRS. And never respond to threats of immediate arrests or demands for payment via email or phone.

Send your refund securely
Whether filing by mail or electronically, be sure to follow these steps to protect your tax returns.

When filing electronically, use your E-file PIN and IP PIN (if applicable) and make sure your computer’s software is up-to-date, a firewall is installed and anti-spam/anti-virus software is being utilized.

When mailing, always place completed tax returns in a secure mailbox at the post office. Do not leave these sensitive documents in your personal mailbox for pick up; otherwise a thief might snag them first.

Fighting Identity Crimes will keep you updated as more information becomes available about the IRS E-file PIN data breach. Be sure to subscribe to our blog to stay up-to-date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.