IRS Hacked: 100K Tax Accounts Accessed by Data Thieves

First Target, then Home Depot, now, everybody's favorite government agency, the IRS has been attacked by data thieves.

The IRS has admitted this week that 100,000 taxpayer files have been accessed by hackers in the last couple months. While 100,000 people is a small amount compared to the millions affected by Target's data breach, this theft is more worrisome because of how the thieves got the information.

How it Worked

Unlike other data breaches, the attackers never infiltrated the IRS' security system. They used the IRS' transcript retrieval service.

The IRS' Get Transcript system allows taxpayers to access tax returns and filings from previous years. To get the tax return transcripts, users need to input their Social Security Number, birth date, tax filing status, and street addresses. They would also need to answer personal identity verification questions.

According to the IRS, hackers already had all the information required to input into the Get Transcript systems. With the information they already had, the hackers attempted to access 200,000 accounts and were able to get 100,000 files, a success rate of 50 percent.

What the Information is Used For

The IRS was first alerted to a problem when they noticed irregular tax filing activity in April. Authorities believe the thieves used the stolen information they compiled to file tax returns in other people's names and steal their tax refunds.

The IRS reports that approximately 15,000 fraudulent returns were filed, and about $50 million in refunds were paid in connection with the data breach.

What to Do

The IRS will send notices to possible victims in the next weeks, and offer free credit monitoring and protection.

In the meantime, you should take steps to protect yourself:

1. Monitor your credit report and credit card statements for irregularities. If you notice any unauthorized purchases or credit cards, contact your credit card and credit reporting company immediately.
2. Change your security question answers. Security experts speculate that hackers can easily mine your social media accounts for the answers to these questions.
3. If you have filed a tax return but have not received your tax refund, contact the IRS, and file a complaint.

Since discovering the breach, the IRS has disabled its Get Transcript feature and is working to increase security.

Related Resources:

• IRS Says Thieves Stole Tax Info From 100,000 (ABC News)
• Home Depot Data Breach: 56M Payment Cards May Be Affected (FindLaw's Free Enterprise)
• 3 Tricks Identity Thieves Use During Tax Season (FindLaw's Law and Daily Life)
• The Greatest Threat to Your Data Security May Be Yourself (FindLaw's In House)