More than 100,000 tax transcripts stolen from IRS’s online “Get Transcript” application
More than 104,000 taxpayers are victims of a new identity theft scheme through which criminals used information previously stolen from outside sources to obtain unauthorized access to the IRS’s online “Get Transcript” application. After discovering the scheme in mid-May, the IRS disabled the online application and is taking steps to alert affected taxpayers and to further investigate the perpetrators. The IRS estimated in the meantime that these criminal downloads might result in only 15,000 false tax return filings.
The Get Transcript application enables taxpayers to obtain line-by-line tax return information going back five or more tax years. Criminals could use this specific tax return information to file false tax returns that appear similar to taxpayers’ legitimately filed past-year returns. The false returns could then bypass the IRS’s filters that flag suspicious returns by looking for anomalies in tax information.
According to recently released IRS FAQs, the Get Transcript application uses a multi-step process to check identities. First taxpayers must submit personal information including Social Security number, birth date, filing status and address. The second step poses certain “out of wallet” questions based on information that only the taxpayer should know.
The IRS detected the breach of the application in May while investigating a suspected denial-of-service attack on the application. After recognizing a large number of suspicious domains used to access an unexpectedly high volume of tax transcripts, the IRS determined that criminal organizations had attempted to access tax transcripts of approximately 200,000 taxpayers, and had been successful in an estimated 104,000 cases. The core tax filing system used by 150 million taxpayers was unaffected, the IRS said.
One of the IRS’s highest priorities is to inform the taxpayers whose transcripts were downloaded (or nearly downloaded) that identity theft criminals have uncovered a large volume of their personal information. In addition to sending letters to these taxpayers, the IRS will provide free credit monitoring services to the taxpayers whose accounts were actually accessed. In addition, on June 1, Sen. Kelly Ayotte, R-N.H., announced that the IRS has agreed to change its policy and will provide victims of identity theft with redacted copies of fraudulent returns filed in their names.
On June 2, IRS Commissioner John Koskinen appeared before the Senate Finance Committee to answer questions about the security breach of the IRS Get Transcript application. During the hearing Koskinen said that the IRS is continuing its in-depth analysis of what happened and stressed that for the time being, the Get Transcript program has been discontinued.