Criminals Stole Data from 100,000 IRS Taxpayer Accounts

June 4, 2015

The IRS announced on May 26 that criminals gained unauthorized access to information on approximately 100,000 tax accounts through the “Get Transcript” application on its website. The data may include taxpayers’ wage and tax return information, Social Security numbers, dates of birth, and street addresses. The third parties gained sufficient information from an outside source before trying to access the IRS website, which allowed them to clear a multi-step authentication process that includes several personal verification questions that typically are only known by the taxpayer.

Various news organizations reported that officials believe the data breach originated in Russia.  The matter is under review by the Treasury Inspector General for Tax Administration, as well as IRS’s Criminal Investigation unit. In addition, the “Get Transcript” application has been shut down temporarily.

In addition to disabling the application, IRS stated it has taken a number of immediate steps to protect taxpayers, including:

  • Sending a letter to all of the approximately 200,000 taxpayers whose accounts had attempted unauthorized access, notifying them that third parties appear to have obtained access to taxpayer Social Security numbers and additional personal financial information from a non-IRS source before attempting to access the IRS transcript application. Although half of this group did not actually have their transcript account accessed because the third parties failed the authentication tests, IRS is taking an additional protective step to alert taxpayers.
  • Offering free credit monitoring for the approximately 100,000 taxpayers whose accounts were accessed to ensure the information isn’t being used through other financial avenues. Taxpayers will receive specific instructions on how they can sign up for the credit monitoring. The IRS noted that these outreach letters will not request any personal identification information from taxpayers.In addition, the tax agency is flagging the underlying taxpayer accounts on its core processing system for potential identity theft to protect taxpayers going forward — both right now and in 2016. For the past several years, the IRS has been cracking down on identity theft schemes that are aimed at stealing taxpayers’ refunds. When this type of fraud occurs, an individual’s refund can be delayed for months or longer.

The letters will be mailed out starting later this week and will include additional details for taxpayers about the credit monitoring and other steps. The IRS added that this incident only involves its application for transcripts. It doesn’t involve other IRS systems, such as core taxpayer accounts, or other applications, such as “Where’s My Refund.”

Uses of the “Get Transcript” Application

Taxpayers who logged onto the IRS website to use the “Get Transcript” application needed the information for various activities, such as verifying income for a mortgage or student loan. The information provided to them depended on the requests, according to the IRS. It might have shown line-by-line information on their tax returns, adjustments made by the IRS to their accounts and data from wage returns such as W-2s and 1099s.

About 23 million taxpayers used the “Get Transcript” application this past filing season, the IRS stated.

Congressional Hearing

Senator Orrin Hatch (R-UT), chairman of the Senate Finance Committee, announced a hearing will be held June 2 to investigate the data breach. In a statement, Hatch said: “That the IRS — home to highly sensitive information on every single American and every single company doing business here at home — was vulnerable to this attack is simply unacceptable. What’s more, this agency has been repeatedly warned by top government watchdogs that its data security systems are inadequate against the growing threat of international hackers and data thieves.”


Employee Retention Credit – Voluntary Disclosure Program Open Through March 22, 2024


Instructions for Safesend Electronic Organizers

Fraud and Forensic Accounting

FinCEN Beneficial Ownership Information Reporting Requirement Goes Live January 1