Block on Trump's Asylum Ban Upheld by Supreme Court
First Target, then Home Depot, now, everybody's favorite government agency, the IRS has been attacked by data thieves.
The IRS has admitted this week that 100,000 taxpayer files have been accessed by hackers in the last couple months. While 100,000 people is a small amount compared to the millions affected by Target's data breach, this theft is more worrisome because of how the thieves got the information.
How it Worked
Unlike other data breaches, the attackers never infiltrated the IRS' security system. They used the IRS' transcript retrieval service.
The IRS' Get Transcript system allows taxpayers to access tax returns and filings from previous years. To get the tax return transcripts, users need to input their Social Security Number, birth date, tax filing status, and street addresses. They would also need to answer personal identity verification questions.
According to the IRS, hackers already had all the information required to input into the Get Transcript systems. With the information they already had, the hackers attempted to access 200,000 accounts and were able to get 100,000 files, a success rate of 50 percent.
What the Information is Used For
The IRS was first alerted to a problem when they noticed irregular tax filing activity in April. Authorities believe the thieves used the stolen information they compiled to file tax returns in other people's names and steal their tax refunds.
The IRS reports that approximately 15,000 fraudulent returns were filed, and about $50 million in refunds were paid in connection with the data breach.
What to Do
The IRS will send notices to possible victims in the next weeks, and offer free credit monitoring and protection.
In the meantime, you should take steps to protect yourself:
Since discovering the breach, the IRS has disabled its Get Transcript feature and is working to increase security.