Thomson Reuters Tax & Accounting News

Featuring content from Checkpoint

Back to Thomson Reuters Tax & Accounting News

Subscribe below to the Checkpoint Daily Newsstand Email Newsletter

Criminals looted private data from 100,000 IRS accounts

Click here for IRS’s statement.

IRS has issued a statement in which it announced that criminals gained unauthorized access to information on approximately 100,000 tax accounts through IRS’s “Get Transcript” application. The data included Social Security information, date of birth and street address.

The third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer.The matter is under review by the Treasury Inspector General for Tax Administration as well as IRS’s Criminal Investigation unit, and the “Get Transcript” application has been shut down temporarily.

In addition to disabling the Get Transcript application, IRS has taken a number of immediate steps to protect taxpayers, including:

…Sending a letter to all of the approximately 200,000 taxpayers whose accounts had attempted unauthorized accesses, notifying them that third parties appear to have had access to taxpayer Social Security numbers and additional personal financial information from a non-IRS source before attempting to access the IRS transcript application. Although half of this group did not actually have their transcript account accessed because the third parties failed the authentication tests, IRS is still taking an additional protective step to alert taxpayers.
…Offering free credit monitoring for the approximately 100,000 taxpayers whose Get Transcript accounts were accessed to ensure this information isn’t being used through other financial avenues. Taxpayers will receive specific instructions so they can sign up for the credit monitoring. IRS noted that these outreach letters will not request any personal identification information from taxpayers. In addition, IRS is marking the underlying taxpayer accounts on its core processing system to flag for potential identity theft to protect taxpayers going forward—both right now and in 2016.

These letters will be mailed out starting later this week and will include additional details for taxpayers about the credit monitoring and other steps.

IRS notes that this incident only involves its application involving transcripts.It does not involve other IRS systems, such as core taxpayer accounts, or other applications, such as Where’s My Refund.