IRS Identifies 100,000 data breaches through the “Get Transcript” Application

IRS Identifies 100,000 data breaches through the “Get Transcript” Application

IRS announced this week that identity thieves have gained unauthorized access to approximately 100,000 taxpayer accounts through the IRS’s “Get Transcript” application.  In total, IRS identified 200,000 attempts to access taxpayer data.

The criminals, in a sophisticated effort, procured sufficient information from non-IRS sources to clear a multi-step authentication process.  This information included social security information, date of birth, and street address, as well as personal verification questions typically known only to the taxpayer.

The IRS Criminal Investigation Unit and Treasury Inspector General for Tax Administration are reviewing the matter.  IRS has temporarily shut down the “Get Transcript” application, and has taken several additional steps to protect taxpayers.  These additional steps include:

  • The IRS will send letters to all 200,000 taxpayers whose accounts had an attempted unauthorized access.  The letters will notify taxpayers that third parties appear to have accessed taxpayers’ personal information.
  • The IRS will offer free credit monitoring to the 100,000 taxpayers whose “Get Transcript” accounts were accessed, to ensure taxpayers’ information is not being used through other financial avenues.  The IRS will issue specific instructions so taxpayers can sign up for credit monitoring.  The outreach letters will not ask taxpayers for any personal identification information.
  • Additionally, the IRS is marking underlying accounts on its core processing system to flag for potential identity theft through 2016.

Letters are expected to be mailed this week.  At this time, no additional actions are needed for taxpayers outside the affected groups.

IRS notes this incident involves only the “Get Transcript” application.  Other IRS systems, such as core taxpayer accounts, are unaffected and remain secure.