IRS

IG: 700,000 taxpayer accounts could be compromised

Cyberattack, financial services

The IRS officials announced Feb. 26 that the damage caused by last year's breach of the Get Transcript web app is much worse than they initially thought.

After the IRS' disclosure of the breach in May 2015, the Treasury Inspector General for Tax Administration went back to Get Transcript's January 2014 launch to hunt for compromise clues. That investigation revealed more damage: 724,000 taxpayer accounts might have been accessed by hackers, and another 576,000 accounts were targeted unsuccessfully.

The IRS had initially said 100,000 or so accounts were compromised and then revised its figures upward in August 2015.

Get Transcript has been down since May 2015, but the IRS said it hopes to revive the once-popular app eventually.

The breach wasn't a hack, per se, but rather efforts by scammers to use information they already had to access the IRS files of targeted taxpayers, officials have said. The scammers could locate many of the answers needed to take advantage of Get Transcript's knowledge-based authentication by using readily available online search tools. The IRS allowed one email address to be used for multiple taxpayer accounts, enabling large-scale pulls of highly sensitive taxpayer data.

The IRS said it would begin mailing notifications to the newly revealed batch of affected taxpayers on Feb. 29.

"The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort," IRS Commissioner John Koskinen said in a statement. "We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed."

Mailings will include an offer of identity theft protection and an invitation to get an IRS Identity Protection Personal Identification Number.

IP PINs help secure taxpayer accounts against impostors, but they're a drain on the IRS, which has to process an extra piece of data with each IP PIN-enabled account, and taxpayers, who have to keep track of them.

Koskinen told Congress in June 2015 that the IRS can't give every taxpayer an IP PIN because of the strain on the system.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.