IRS: Tax Data Breach Was Much Worse Than Thought

The personal information of nearly 400,000 Americans may have been at risk in a recent data breach reported by the IRS. How will you know if you were among the targets?

Hackers who stole personal information from an online Internal Revenue Service program called “Get Transcript” accessed data on more people than previously thought, according to the federal agency.

The IRS announced Monday that, after an “extensive review,” it has identified “more questionable attempts to obtain transcripts using sensitive information already in the hands of criminals.” That puts an additional 390,000 Americans at risk.

As a result:

  • About 220,000 taxpayers will receive letters from the IRS because of successful attempts to access their Get Transcript accounts.
  • About 170,000 other households will receive letters from the IRS “as an additional protective step” to notify them that their personal information could be at risk because of unsuccessful attempts to access the IRS system.

The agency said it would begin mailing the letters in the next few days and offer free credit monitoring to more than 100,000 people, as well as what the IRS characterizes as “identity protection PINs.”

This follows a June IRS announcement that the agency had identified 100,000 successful attempts to access to transcripts through Get Transcript, which was shut down in May after the IRS discovered the breaches. An additional 100,000 unsuccessful attempts to breach Get Transcript were also identified at that time.

Hackers were able to break into the program because they had already obtained enough personal information on taxpayers from non-IRS sources, the agency has said:

In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems. The multi-layer process also requires an additional step, where applicants must correctly answer several personal identity verification questions that typically are only known by the taxpayer.

The IRS believes it’s possible that some of the attempts to access tax transcripts were made so that the hackers could use the information to file fraudulent tax returns next year:

For example, any prior-year return information criminals obtain would help them more easily craft seemingly authentic returns, making it more difficult for our filters to detect the fraudulent nature of the returns.

How do you feel about this news? Share your thoughts inour Forums. It’s the place where you can speak your mind, explore topics in-depth, and post questions and get answers.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!

Read Next: IRS Enlists States, Tax Preparers to Halt Hacking of Taxpayers

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,488 more deals!