Hackers Hit IRS – Again


Looks like the IRS, which found the resources to harass conservative-leaning groups seeking tax exempt status, didn’t quite manage to deploy its resources in a way that prevented hackers from stealing private taxpayer information and using it to obtain bogus refunds.

The IRS has admitted that hackers accessed and stole the private information of more than 104,000 taxpayers in coordinated campaigns that IRS officials say may be the work of organized crime syndicates.

Thieves hacked into the “Get Transcript” system, an online service the IRS uses to give Americans access to their past returns. It is sensitive information that includes several years’ worth of returns and other private information. However, to get into it the hackers needed to know the taxpayer’s Social Security number, date of birth, address, and tax filing status as well as answers to personal identity verification questions that only the taxpayer typically knows. The thieves would’ve had to steal that information separately – a point IRS chief John Koskinen was only too quick to make.

In total, attempts were made to access old tax returns for 200,000 taxpayers, with roughly half of those efforts succeeding. However, all 200,000 taxpayers can expect to be contacted by the IRS.

The breach occurred during and after the tax filing season between February and mid-May 2015. The IRS became aware of the breach when workers noticed a larger than usual number of people seeking transcripts which were used to file fake tax returns to the tune of almost $50 million in successfully claimed returns.

With all of this information it’s plausible that the thieves had enough to pull off a tax-refund-stealing scheme that occurred earlier in their season. However the IRS is trying to deny this linkage.

The Washington Post reports:

“We’re confident that these are not amateurs but organized crime syndicates that not only we, but others in the financial industry are dealing with,” he said.

Tax returns include a slew of personal details. Many taxpayers download them when they apply for mortgages or loans.

Koskinen said the incident was probably not related to a spike in suspicious tax filings  this year, which raised red flags for the IRS and state tax authorities, which saw fraud jump by as much as 3,700 percent. Some state tax officials mentioned that criminals appeared to have information from prior tax returns, which made the fraud more difficult to catch. Intuit, the maker of TurboTax, temporarily halted the transmission of state tax returns while it investigated. The fraud grabbed the attention of the FBI, Congress and other regulators, which launched probes into the fraud.

In March, the IRS called on state tax officials and major tax preparation companies to help come up with fixes that could be rolled out by next tax season. Intuit, which has called for industry-wide standards, said in a statement Tuesday night that “this episode reinforces the strategic urgency of the IRS Security Summit process which Commissioner Koskinen has been vigorously leading this year, and which we strongly support.”

Few government agencies collect as much personal information on every American than the IRS, which makes it a treasure trove for thieves.

The upswing in attempts to defraud the IRS, steal private taxpayer information, or file fraudulent returns is a reminder of the power and influence that the IRS wields. Therefore, the IRS should focus on ensuring that it is properly stewarding and fiercely protecting the private information of taxpayers, instead of getting caught up in politics.

We’ve reported extensively on the IRS discriminating against conservative groups by holding up their nonprofit status applications. Since then the IRS attempts to cover up what it did and evade investigations has made an unpopular institution more unpopular. There are also reasonable assertions that had the IRS not shackled tea party groups, the 2012 elections may have turned out differently.

It appears that the IRS may have been careless with our private information in the past, exposing taxpayers to the risks that we’re seeing today. Instead of playing games with political groups and complaining about a lack of resources, the IRS should be doing everything in its power to protect our identity and protect that massive collection of our sensitive information. The behavior of the IRS should fuel efforts to replace our current tax code with a system that does not require a massive bureaucracy that requires us to submit so much of our personal information.