IRS Data Breach affects 200,000 US Taxpayers
The Internal Revenue Service (IRS) suffered a four-month long cyber data breach in which hundreds of thousands of taxpayers’ accounts were compromised. Thieves tried to access the tax accounts of 200,000 taxpayers, succeeding in about half of their attempts. Of those 104,000 breaches, approximately 36,000 fraudulent tax year 2014 returns were filed to claim false tax refunds. However, 23,000 of those returns were flagged by fraud filters and were stopped in processing.
They obtained taxpayers’ social security numbers, addresses, birth dates, filing statuses, and salary histories. How, exactly, they gathered this information is still unknown, but the IRS’s servers were not hacked to retrieve this data; the thieves had the information prior to accessing the IRS’s applications. Through the IRS’ online ‘Get Transcript’ application, the thieves, believed to be organized crime syndicates based in Russia, were able to access prior year tax returns and file thousands of fraudulent returns between February 2015 and May 2015.
Due to this breach, the ‘Get Transcript’ application has been temporarily shut down and the IRS plans to notify all 200,000 taxpayers who were affected. If you were one of the 104,000 whose tax account was accessed, you will receive free credit monitoring and be issued an Identity Protection Pin (IP PIN). You will need to use the IP PIN on current and all future tax returns or the return will be rejected as a future fraud-prevention tactic.
The Criminal Investigation Unit of the IRS and the Treasury Inspector General for Tax Administration are investigating, and the Department of Homeland Security and Federal Bureau of Investigation were alerted and have opened investigations, as well. Hearings have been scheduled with IRS leaders.
It is estimated that the IRS and state tax authorities witnessed an increase in fraudulent tax activity as high as 3,700% this year. The IRS is pledging to make its tax filing system more secure by 2016, as a result of this data breach and the millions of taxpayers who have had identities stolen in prior years.
The IRS was just one of many victims of data breaches in recent history. Since the 2013 holiday season data breach at Target, it has come out that multiple large, multinational corporations have faced the same theft, including Home Depot, Yahoo!, eBay, Google, UPS, JP Morgan Chase, and AT&T.
Some ways to protect your personal information include:
- Do not post personal details on social media platforms. Once it is posted on the internet, assume it can be accessed forever.
- Be aware of where you access personal accounts. Public Wi-Fi usually does not offer the same protection your home or business networks have, so your information could be exposed to a hacker.
- Where plausible, file your taxes as early as possible. It can be hard for a US taxpayer abroad to file by the 15 April deadline, but it leaves less time for thieves to file a false return before you get to it. File your tax returns as soon as you have received all of your information needed.
- If you have filed your return and are due a refund, track it. The IRS has an application called ‘Where’s My Refund?’ You need your SSN, filing status, and the exact amount of the refund you are due. If you notice anything suspicious, alert the IRS immediately.
- If you are a US citizen, you are legally granted free access to your credit reports annually. Monitor your reports and notify the agencies of any suspicious behaviour immediately. The reports are available at www.annualcreditreport.com. Some prefer to check their Experian, TransUnion, and Equifax on a rotating basis, so no more than four months go by before their report is monitored.