Hackers who stole personal information from an online Internal Revenue Service program called “Get Transcript” accessed data on more people than previously thought, according to the federal agency.
The IRS announced Monday that, after an “extensive review,” it has identified “more questionable attempts to obtain transcripts using sensitive information already in the hands of criminals.” That puts an additional 390,000 Americans at risk.
As a result:
- About 220,000 taxpayers will receive letters from the IRS because of successful attempts to access their Get Transcript accounts.
- About 170,000 other households will receive letters from the IRS “as an additional protective step” to notify them that their personal information could be at risk because of unsuccessful attempts to access the IRS system.
The agency said it would begin mailing the letters in the next few days and offer free credit monitoring to more than 100,000 people, as well as what the IRS characterizes as “identity protection PINs.”
This follows a June IRS announcement that the agency had identified 100,000 successful attempts to access to transcripts through Get Transcript, which was shut down in May after the IRS discovered the breaches. An additional 100,000 unsuccessful attempts to breach Get Transcript were also identified at that time.
Hackers were able to break into the program because they had already obtained enough personal information on taxpayers from non-IRS sources, the agency has said:
In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems. The multi-layer process also requires an additional step, where applicants must correctly answer several personal identity verification questions that typically are only known by the taxpayer.
The IRS believes it’s possible that some of the attempts to access tax transcripts were made so that the hackers could use the information to file fraudulent tax returns next year:
For example, any prior-year return information criminals obtain would help them more easily craft seemingly authentic returns, making it more difficult for our filters to detect the fraudulent nature of the returns.
How do you feel about this news? Share your thoughts in our Forums. It’s the place where you can speak your mind, explore topics in-depth, and post questions and get answers.