Less than a month into filing season, IRS systems breached

Feb. 14, 2016
Updated 8:00 a.m.

By JONNELLE MARTE / Washington Post

Criminals attacked the IRS’ digital systems in an attempt to steal data that could be used to collect fraudulent refunds, the agency announced last week.

The incident was the latest in a string of identity theft-related breaches that have been announced by tax officials and tax software companies this year. The news also comes shortly after the IRS temporarily stopped processing tax returns this month, an issue it says was unrelated to the online attack.

Using stolen personal information obtained elsewhere, the criminals used a bot to try to obtain electronic filing PINs from the IRS’ website last month, the agency said in a statement. Taxpayers can sometimes use the PINs to help verify their identities when they file returns online.

The thieves attempted to collect PINs for more than 464,000 stolen Social Security numbers but were only successful with 101,000 of them. The agency said it would let the affected taxpayers know by mail that criminals used their personal information to attempt to access IRS systems. It said no other taxpayer information was compromised.

The breach was the most recent hiccup that taxpayers have encountered less than one month into the tax filing season. Early this month, the IRS dealt with a roughly daylong outage that forced it to stop processing tax returns and blocked taxpayers from accessing the “Where’s my refund?” tool online. The agency said the outage, caused by a hardware failure, should not significantly delay tax refunds.

At least two tax software providers have also alerted taxpayers of attacks in which criminals took over online accounts and gained access to sensitive tax data. The most recent incident came from TaxSlayer, which notified 8,800 people that their accounts may have been accessed by thieves using stolen usernames and passwords. Another tax software provider, TaxAct, reported a similar attack in January when criminals used stolen usernames and passwords to access information from 450 tax accounts, though the company detected suspicious activity on roughly 9,000 accounts.

Tax officials said before the start of the filing season that they would be on guard against tax-related identity theft, which proved to be a growing issue last year. The IRS dealt with a separate attack on its “Get Transcript” feature in 2015, when criminals attempted to steal tax return information from as many as 610,000 taxpayers.

The number of identity theft complaints filed with the Federal Trade Commission surged by nearly 50 percent in 2015 from the year before, primarily because of tax fraud, the agency said. This year, the IRS, state tax agencies and tax software companies said that they would share information about suspicious filings and online attacks to crack down on fraud.

http://www.ocregister.com/articles/t...taxpayers.html