The Internal Revenue Service said Tuesday, February 9, that it recently identified and stopped an automated attack on its E-Filing PIN application. Tax season always marks a spike in fraud and identity theft. After nationwide reports of scammers calling residents claiming they owe money to the IRS or AARP, this recent attack is just another instance of criminal activity during the tax season. The criminals used personal data stolen from outside the IRS and malware to acquire E-Filing PINs They used over 400,000 Social Security Numbers and 101,000 SSNs were successfully used to access the E-Filing PINs. The IRS said the incident is not connected or related to last week’s outage of IRS tax processing systems.
“No personal taxpayer data was compromised or disclosed by IRS systems,” said the IRS in a statement. The IRS said its cybersecurity experts are currently assessing the situation. They are working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS is also sharing information with its Security Summit state and industry partners. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.”
Members of congress are questioning whether the IRS is equipped to fight these attacks and protect the identities of American taxpayers. During a hearing before the Senate Finance Committee on Wednesday about the IRS budget with IRS Commissioner John Koskinen, committee chairman Orrin Hatch (R-Utah) said, "We were reminded of these risks last year when data thieves breached the IRS’s own website through the Get Transcript portal and successfully stole the tax records of 330,000 taxpayers...That is 330,000 taxpayers who now have their most sensitive tax information sitting out there in the hands of criminals waiting to use that information to do further damage this tax year, or the next, or even 10 years from now. We were reminded of this threat yet again just yesterday, when news broke of another large-scale attack against the IRS, but thankfully it appears that the attack was unsuccessful. The Get Transcript breach is going to haunt us for years to come, and, unfortunately, it’s only one of many."
Although the IRS has "thrown 2,000 people in jail for identity theft", they do not have the power to completely stop criminals from attempting to commit fraud against taxpayers. Instead, they have put measures in place designed to protect the identities of residents. IRS Commissioner John Koskinen urges people to use a different number than their Social Security Number for filing their taxes. The identity protection personal identification numbers (IP PIN), originally reserved for the victims of identity theft, can now be used by any taxpayer looking to protect their identity.