Skip to content ↓ | Skip to navigation ↓

Late last month, we learned that the Internal Revenue Service (IRS) had suffered a data breach, leading to the inadvertent disclosure of approximately 100,000 Americans’ personal information.

The organized crime syndicates had gained unauthorized access into taxpayers’ accounts by leveraging an IRS website application called Get Transcript – a feature that allowed users to easily access their past tax returns and tax statements.

Like any other website, account access was made available only after the user answered several personal verification questions that typically, only the user would know.

Cyber criminals, however, were able to answer these questions using stolen information gathered from various other sources.

The recent high-profile breaches, including the millions of medical records leaked from health insurers Anthem and Premera, help make social security numbers, dates of birth and other personal information widely available for sale on the criminal underground.

Ken Westin, senior security analyst at Tripwire, explains that in this particular case, cyber criminals used stolen information to automate a process that allowed them to complete Get Transcript submissions in bulk.

The end goal for these cyber criminals was to exfiltrate additional tax information.

“The fraud that can be committed with this information is easy,” says Westin. “It’s an easy way for them to generate revenue.”

“These criminal syndicates really look at cyber crime as a business. It’s not the hacker in the basement anymore. It’s a very organized and very collaborative group.”

On June 2, IRS Commissioner John Koskinen testified before the Senate Finance Committee, stating IRS cybersecurity personnel identified about 200,000 “suspicious” and “complex” attempts to gain access to taxpayer accounts via the Get Transcript application between mid-February and mid-May.

Of the 200,000 attempts, about half of them successfully cleared the authentication hurdles, said the IRS.

The Get Application feature has since been temporarily shut down, and will remain disabled until modifications are made, including stronger security.

Subsequently, the IRS announced on Thursday a new set of steps aimed to better protect against identity and fraud prior to next year’s tax-filing season.

In collaboration with representatives of tax preparation and software firms, payroll and state tax administrators, the groups revealed several new initiatives, aimed to enhance the security of the tax filing process.

With the new system and process in place, tax preparers will now cross-reference electronically filed returns with IP addresses and computer devices. The time taken to complete the form will also be reviewed in an effort to detect computer-mechanized fraud.

Koskinen assured taxpayers should have “a safer and more secure experience,” adding:

“This agreement represents a new era of cooperation and collaboration among the IRS, states and the electronic tax industry that will help combat identity theft and protect taxpayers against tax refund fraud. We’ve made tremendous progress, and we will continue these efforts.” 

Meanwhile, Westin added stronger cybersecurity measures, such as two-factor authentication to complete a tax filing, would help devalue these stolen records on the underground market significantly. In turn, cyber criminals may be less motivated to go to extreme measures to acquire this data.

However, there are some simple proactive steps users can also take to better protect themselves.

“We become a little complacent when it comes to our security,” said Westin. “It always seems to be someone else’s problem.”

Frequently reviewing credit card statements, notifying your bank about a suspicious charge, and monitoring your credit score are all easy best practices to remain vigilant.

“We do need to start taking some responsibility,” concludes Westin.


Image courtesy of