Tax season turned into fraud season this year, as many taxpayers found that criminals infiltrated the Internal Revenue Services and at least one third-party tax preparation providers to steal up to $50 million in refunds – and now the IRS has acknowledged that the wrongdoers gained access through its “Get Transcript” application.
The IRS announced this week that cybercriminals used the Social Security numbers, dates of birth, and street addresses acquired from other sources to obtain tax information and successfully file fraudulent returns for 100,000 consumers. Another 100,000 attempts at access failed, but the IRS said it would notify all affected taxpayers and provide free credit monitoring services for the taxpayers whose accounts were accessed.
“In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems,” stated IRS Commissioner John Koskinen. “The multi-layer process also requires an additional step, where applicants must correctly answer several personal identity verification questions that typically are only known by the taxpayer.”
The United States Treasury Inspector General for Tax Administration as well as the IRS’ own criminal investigation unit will further examine the case, he added. In comments to reporters, Koskinen attributed the hacks to “organized crime.”
Although reports of fraudulent tax returns have been emerging for several weeks, the IRS noted that it determined the source of the fraud just last week.
“The IRS determined late last week that unusual activity had taken place on the application, which indicates that unauthorized third parties had access to some accounts on the transcript application,” said Koskinen. “Following an initial review, it appears that access was gained to more than 100,000 accounts through the Get Transcript application.”
The Get Transcript app has been shut down for security enhancements and according to the IRS, 15,000 fraudulent returns were processed as a result of the criminal activity.
In an effort to reduce further fraud, the IRS stated that affected policyholders would receive outreach letters regarding credit monitoring but these letters would not require them to provide any information to the sender. The IRS noted that even in the unsuccessful attempts, consumers would be notified.
“That’s because malicious actors acquired sensitive financial information from a source outside the IRS about these households that led to the attempts to access the transcript application,” Koskinen said. Credit monitoring for the 100,000 affected taxpayers should ensure that their information is not being misused in other ways.
In February, Intuit, creators of the TurboTax filing software, halted state e-filing services after an increases in reports of fraudulent returns. At the time, Intuit CEO Brad Smith told news outlets that his company had not experienced a breach and that the information had been accessed elsewhere.
While it reached a new high this year, tax return fraud due to identity theft is not new. The U.S. Department of Justice named Stolen Identity Return Fraud (SIRF) a high priority.
“Identities used in SIRF crimes may be stolen from anywhere. SIRF criminals have used social security numbers stolen from institutions such as hospitals, nursing homes, and public death lists, thereby exploiting some of the most vulnerable members of our communities—the elderly, the infirm, grieving families,” noted Kathryn Keneally, assistant attorney general for the DOJ’s Tax Division. “However, everyone with a social security number is potentially vulnerable to having their identity stolen. According to the IRS, from 2008 through May of 2012, the Service has identified more than 550,000 taxpayers who have had their identities stolen for the purpose of claiming false refunds in their names.”