100,000 Taxpayers' Data Stolen in IRS Breach

100,000 Taxpayers’ Data Stolen in IRS Breach

(Image: Twitter)

An online service run by the IRS was accessed by criminals who took more than 100,000 taxpayers’ personal tax information and bilked the agency for millions of dollars.

[Related: [REPORT] ATM Data Thefts at Highest Level in 20 Years]

According to the Washington Times, the hackers retrieved the details from a new system called Get Transcript, in which taxpayers can go online to obtain their previous tax filings. The crooks allegedly used information they learned about the taxpayers to trick the system into thinking those same taxpayers were logging into Get Transcript in an order to obtain more records about the people. They then used that info to file faux returns to the tune of nearly $50 million, which were paid out by the IRS.

“We’re confident that these are not amateurs,” IRS Commissioner John Koskinen told the Associated Press. “Eighty percent of the of the identity theft we’re dealing with and refund fraud is related to organized crime here and around the world. …These are extremely sophisticated criminals with access to a tremendous amount of data,” he added.

The Washington Times reports that logging in to Get Transcript required users to provide personal identifying information such as those used by credit ratings bureaus, such as the street they lived on as a child (one of a number of problematic questions, according to Google) in order to prove their identity. But Koskinen seemed to indicate that more had to be done in order to maintain online security and blamed social media sites for making it easier to amass such data on users.

Koskinen told reports that the IRS’ own information was secure after the attack.

The number of fraudulent filings is said to be less than 15,000. The IRS breach will find the agency paying for credit-monitoring services for about 104,000 people whose information was stolen, though the agency will send letters to about 200,000 taxpayers whose accounts the hackers tried to access.