IRS breach claims 220,000 additional US taxpayers

The US Internal Revenue Service has confirmed that its "Get Transcript" security breach has seen 220,000 more taxpayers fall victim, with another 170,000 people to be contacted by the organisation.
Written by Asha Barbaschow, Contributor

The United States Internal Revenue Service (IRS) has revealed that in excess of 220,000 taxpayers may have had their personal information accessed, in addition to the 100,000 originally reported, as a result of a data breach.

Originally reported back in May, thieves used the IRS' "Get Transcript" system to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer, to access the personal taxation information of individuals.

"As it did in May, the IRS is moving aggressively to protect taxpayers whose account information may have been accessed," the IRS said.

"Since May, the IRS conducted a deeper analysis over a wider time period covering the 2015 filing season, analysing more than 23 million uses of the 'Get Transcript' system."

As a result of further investigation, the IRS is mailing letters out to those additional 220,000 taxpayers, and has said that approximately 170,000 further households will also receive a letter alerting them that their "personal information could be at risk", even though the IRS said thieves failed in efforts to clear the authentication processes to access their information.

The organisation believes some of the pilfered information may have been gathered for potentially filing fraudulent tax returns during the upcoming 2016 filing season.

"The IRS takes the security of taxpayer data extremely seriously, and we are working aggressively to protect affected taxpayers and continue to strengthen our systems," the IRS said.

"The matter remains under review by the Treasury Inspector General for Tax Administration, as well as IRS Criminal Investigation."

In June, Chinese hackers were blamed for a massive data breach from the US Office of Personnel Management, the federal agency responsible for vetting about 90 percent of the people for working in the federal government. The data of potentially 18 million current, former, and prospective US federal employees was taken in the attack.

At the beginning of the month, the Internet Corporation for Assigned Names and Numbers (ICANN) fell victim to its second cyberattack in 12 months. At the time, ICANN admitted that usernames, email addresses, and encrypted passwords for profile accounts on its public website were obtained by an "unauthorised person", expecting that user preferences, public biographies, interests, newsletters, and subscriptions would be amongst the leaked information.

Just last week, two Ukraine-based hackers were identified as the leaders of a nine-man syndicate which stole media releases from three major newswire companies, and on-sold them to cheat the securities market, raking in $100 million from illegal sales.

The US Department of Justice said that in addition to the two Ukraine-based ring-leaders, seven defendants from Ukraine and the US were involved in the criminal conspiracy, making more than $30 million in illegal trades on the pilfered information.

Editorial standards