IRS

IG: 700,000 taxpayer accounts could be compromised

Cyberattack, financial services

The IRS officials announced Feb. 26 that the damage caused by last year's breach of the Get Transcript web app is much worse than they initially thought.

After the IRS' disclosure of the breach in May 2015, the Treasury Inspector General for Tax Administration went back to Get Transcript's January 2014 launch to hunt for compromise clues. That investigation revealed more damage: 724,000 taxpayer accounts might have been accessed by hackers, and another 576,000 accounts were targeted unsuccessfully.

The IRS had initially said 100,000 or so accounts were compromised and then revised its figures upward in August 2015.

Get Transcript has been down since May 2015, but the IRS said it hopes to revive the once-popular app eventually.

The breach wasn't a hack, per se, but rather efforts by scammers to use information they already had to access the IRS files of targeted taxpayers, officials have said. The scammers could locate many of the answers needed to take advantage of Get Transcript's knowledge-based authentication by using readily available online search tools. The IRS allowed one email address to be used for multiple taxpayer accounts, enabling large-scale pulls of highly sensitive taxpayer data.

The IRS said it would begin mailing notifications to the newly revealed batch of affected taxpayers on Feb. 29.

"The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort," IRS Commissioner John Koskinen said in a statement. "We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed."

Mailings will include an offer of identity theft protection and an invitation to get an IRS Identity Protection Personal Identification Number.

IP PINs help secure taxpayer accounts against impostors, but they're a drain on the IRS, which has to process an extra piece of data with each IP PIN-enabled account, and taxpayers, who have to keep track of them.

Koskinen told Congress in June 2015 that the IRS can't give every taxpayer an IP PIN because of the strain on the system.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.