Amid increasing concern over the security of Internal Revenue Service computer systems, the agency has disclosed that hackers accessed the personal tax data of more than 100,000 taxpayers in an effort to claim fraudulent refunds.
The IRS said it had determined late last week that “unusual activity” had occurred on its online service called Get Transcript, where filers can get tax returns and other filings from previous years.
The hackers used the personal data of taxpayers — including Social Security numbers, dates of birth, and street addresses — to clear a security screen and log on to Get Transcript, the IRS said.
The service has been shut down temporarily and the security breach is under review by the Treasury Inspector General for Tax Administration as well as the IRS’ criminal investigation unit. The IRS will provide free credit monitoring services for the affected taxpayers whose accounts were accessed, including those for which the hackers couldn’t clear all the authentication hurdles.
“We’re confident that these are not amateurs,” IRS Commissioner John Koskinen told the Associated Press. “These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with.
In a recent report, the Government Accountability Office said the IRS’ financial and taxpayer data remain “unnecessarily vulnerable” to fraudsters and hackers.
The agency estimates it paid out $5.8 billion in fraudulent refunds to identity thieves in 2013.
“That the IRS — home to highly sensitive information on every single American and every single company doing business here at home — was vulnerable to this attack is simply unacceptable,” said Republican Sen. Orrin Hatch, who is chairman of the Senate Finance Committee. “What’s more, this agency has been repeatedly warned by top government watchdogs that its data security systems are inadequate against the growing threat of international hackers and data thieves.”