101,000 Taxpayers Affected by Another Data Breach on the IRS
On Tuesday, the IRS released a statement saying they had identified and stopped an automated attack on their Electronic Filing PIN application. Thieves were attempting to use stolen data to breach their system to file fraudulent tax returns.
The IRS claims no personal data was compromised from their systems, and said the hackers stole the social security numbers from a non-IRS source. The thieves then used autobot malware to apply for E-File PINs with the stolen SSNs. An E-File PIN allows users to file a tax return electronically.
In total, the IRS identified unauthorized attempts using 464,000 unique social security numbers. 101,000 of these unique attempts were successful.
The IRS says they immediately notified affected taxpayers by mail. “The IRS is also protecting their accounts by marking them to protect against tax-related identity theft,” the agency added.
The situation is being assessed in conjunction with the Treasury Inspector General for Tax Administration, and the IRS is sharing information with its Security Summit state and industry partners.
Last week, a system-wide failure prevented taxpayers from filing their returns. In its statement, the IRS said this attack was unrelated to the outage.
Last year, hackers were able to file bogus tax refunds using the stolen data of 330,000 taxpayers. They obtained more than $50 million in federal funds.