The IRS “Get Transcript” breach was worse than expected

According to a nine-month-long investigation conducted by the Treasury Inspector General for Tax Administration (TIGTA), an additional 390,000 taxpayer accounts might have been accessed in the “Get Transcript” breach from last May. With the previous 334,000 confirmed exposed accounts, the total number of accounts involved reaches approximately 724,000. Since the initial incident involving the IRS’s “Get Transcript” application, investigators have reviewed activity for suspicious behavior, beginning with the launch of the application in January 2014. The application has been offline ever since the breach was discovered.

“This expanded review has identified additional suspicious attempts to access taxpayer accounts using sensitive information already in the hands of criminals,” said the IRS on Friday. “The IRS is moving immediately to notify and help protect these taxpayers, including through free identity theft protection services as well as Identity Protection PINs.”

Short recap

Get Transcript was launched on the IRS website in January 2014. Through this application, taxpayers had the option of immediately viewing and downloading their tax transcript or having it mailed to their address. Taxpayers could view or order multiple years of transcript information. For the 2015 filing season, approximately 23 million transcripts were ordered. Since its launch in 2014, 47 million transcripts have been ordered through the Get Transcript tool. It’s easy to see why this application would be useful.

The IRS announced on May 26, 2015, that taxpayer data had been compromised. The hackers in question used information stolen elsewhere to pass procedures and gain access to the Get Transcript application on IRS.gov. At that time, the IRS identified approximately 114,000 taxpayers whose transcripts had been accessed and about another 111,000 taxpayers whose transcripts were targeted but not accessed. In August 2015, the IRS announced it had identified another 220,000 taxpayers whose transcripts may have been accessed and approximately 170,000 taxpayers whose transcripts were targeted but not accessed.

Shortly after the IRS’s announcement, TIGTA investigators began their own review, covering the period from 2014 through May 2015. According to the IRS, TIGTA investigators identified suspicious email addresses that made multiple attempts to access accounts. The IRS notes it is possible that some of those identified may be family members, tax return preparers or financial institutions using a single email address to attempt to access more than one account. However, in an abundance of caution, the IRS will notify all taxpayers impacted. Approximately 685,000 taxpayers will be getting letters from the Internal Revenue Service, warning them that their tax information might be at risk.
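The kind of review described above, flagging email addresses tied to attempts on multiple accounts and splitting the affected accounts into "accessed" and "targeted but not accessed", can be sketched as follows. This is an added example, not IRS or TIGTA code; the record layout, the `review_events` name and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample records: (email supplied, account id, outcome).
# The layout is an assumption; the page does not describe the real log format.
SAMPLE_EVENTS = [
    ("a1@example.test", "acct-001", "accessed"),
    ("A1@example.test", "acct-002", "failed"),
    ("a1@example.test", "acct-003", "accessed"),
    ("a1@example.test", "acct-004", "failed"),
    ("family@example.test", "acct-100", "accessed"),
    ("family@example.test", "acct-101", "accessed"),
    ("solo@example.test", "acct-200", "accessed"),
    ("solo@example.test", "acct-200", "accessed"),
]


def review_events(events, min_accounts=3):
    """Flag emails seen on attempts against >= min_accounts distinct accounts.

    Returns (flagged emails with account counts, accounts accessed,
    accounts targeted but not accessed). A low threshold also sweeps in
    family members or preparers sharing one address, as the IRS notes.
    """
    by_email = defaultdict(lambda: defaultdict(set))
    for email, account, outcome in events:
        # Normalise case and whitespace so one address is counted once.
        by_email[email.strip().lower()][account].add(outcome)

    flagged, accessed, targeted = {}, set(), set()
    for email, accounts in by_email.items():
        if len(accounts) < min_accounts:
            continue  # repeated logins to a single account are not flagged
        flagged[email] = len(accounts)
        for account, outcomes in accounts.items():
            (accessed if "accessed" in outcomes else targeted).add(account)

    # An account accessed through any flagged email counts as accessed.
    targeted -= accessed
    return flagged, sorted(accessed), sorted(targeted)


if __name__ == "__main__":
    flagged, accessed, targeted = review_events(SAMPLE_EVENTS)
    print("flagged emails:", flagged)
    print("notify (accessed):", accessed)
    print("notify (targeted, not accessed):", targeted)
```
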

“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”

Measures

To counteract this new development, the IRS is using measures similar to those used in 2015. The objective is to protect taxpayers from tax-related identity theft. Here is the action plan:

  • Notifying by mail those taxpayers whose transcripts were accessed and those taxpayers whose transcripts were targeted but not accessed. These mailings will provide guidance and notify them that criminals may have their personally identifiable information.
  • Informing taxpayers whose transcripts were accessed that they can request an Identity Protection PIN (IP PIN) by completing a Form 14039, Identity Theft Affidavit. An IP PIN provides an additional layer of protection for the taxpayer’s SSN on the federal tax return.
  • Offering taxpayers whose returns were accessed a free Equifax identity theft protection product for one year, and encouraging taxpayers to place a “fraud alert” on their credit accounts.
  • Placing extra scrutiny on tax returns with taxpayers’ SSNs.
  • Placing special markers on these taxpayer accounts to advise IRS assistors that the caller is part of this event.

“To further protect taxpayers, the IRS also is sharing information about this incident with the states as part of the Security Summit effort,” said the IRS. “This is part of a larger effort undertaken this tax season to protect against identity theft refund fraud through the Security Summit group, a partnership between the IRS, state revenue departments and the tax industry.”

Next steps

As stated before, the online viewing and download feature of “Get Transcript” has been unavailable since May 2015, and the IRS is working to restore that part of the service in the near future with enhanced taxpayer-identity authentication protocols. Other transcript options remain available via IRS.gov, with online requests being taken for mailed copies of transcripts. The IRS reminds taxpayers to plan ahead if they need transcripts; it can typically take five to 10 days before the transcripts arrive in the mail.

This new episode in the “Get Transcript” incident should also act as a reminder of how important Obama’s Cybersecurity Plan is. We are dealing with serious security risks nowadays, and the trend seems to direct customers towards digitalizing as much information as possible. There might come a day (sooner than we think) when all we need to carry around is a device that can render our important info, but until that day comes, there are still plenty of security issues to fix.