Criminals obtained more than 100,000 taxpayer records in IRS attack

News
By
published

This is not a hack

Data breach

More than 100,000 taxpayers had their tax records exposed to identity thieves and criminals as a result of an IRS security breach.

The US Internal Revenue Service announced that thieves had illegally accessed more than 100,000 tax records and had made unsuccessful attempts at accessing another 100,000 taxpayer accounts.

The culprit of the breach is weak security authentication using the IRS's Get Transcript application tool online. The tool was taken down late last week, and the IRS website says that users who need to obtain transcripts or records can do so by mail using form 4506.

The breach

Unauthorized access occurred between February and March this year. In order to gain access to records, identity thieves must already have access to victims' personal information, including Social Security numbers, date of births and other identifying information.

IRS Commissioner John Koshiken maintained that the Get Transcript tool was legitimately accessed by 23 million users this year, but the agency identified more than 200,000 attempts that could be fraudulent.

Impact

When identity thieves gain access to tax transcripts illegally, they can file fraudulent tax refunds. The agency believes that only a small proportion of tax refunds filed are fraudulent. Koshiken says that no more than 15,000 tax refunds filed may be bogus, resulting in a loss of $50 million.

However, if criminals have tax transcripts, identity thieves can wreak greater financial havoc by using the obtained personal information for other financial crimes.

The agency is sending out letters to the more than 200,000 taxpayers that may be affected, offering free credit monitoring service for added protection. If you don't reserve a letter from the IRS, you don't need to be concerned.

This is not a hack

The agency's computers and servers were not compromised or hacked in any way, Koshiken insists, stating that the attacks were carried by sophisticated criminals. The agency was alerted when its system noticed an unusual amount of activity related to the Get Transcript application. Initially, it believed that this was a result of a denial-of-service, or DoS, attack.

A recent research estimates that security breaches can cost the economy as much as $2.1 trillion (around £1.35 trillion, or AU$2.6 trillion) by 2019.

Chuong Nguyen
Latest in Security
healthcare
Software bug meant NHS information was potentially “vulnerable to hackers”
A hacker wearing a hoodie sitting at a computer, his face hidden.
Experts warn this critical PHP vulnerability could be set to become a global problem
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
botnet
Another top security camera maker is seeing devices hijacked into botnet
Bluetooth
Top Bluetooth chip security flaw could put a billion devices at risk worldwide
Latest in News
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
Homepage of Manus, a new Chinese artificial intelligence agent capable of handling complex, real-world tasks, is seen on the screen of an iPhone.
Manus AI may be the new DeepSeek, but initial users report problems
Google Maps
Nightmare Google Maps glitch is deleting timelines, and there isn't a fix yet
Twitter social media application change logo to X. Elon Musk CEO of twitter rebranded Twitter to 'X'. Social media application technology concept.
X is down again – Elon Musk confirms 'massive cyberattack' as former Twitter site hit by fourth outage today
Joe Goldberg and Kate Lockwood sitting at a table and looking at the camera in You season 5.
Netflix releases a killer new trailer for You season 5 but my favorite character is missing from Joe's final chapter
More about security
botnet

YouTubers targeted by blackmail campaign to promote malware on their channels
A hacker wearing a hoodie sitting at a computer, his face hidden.

Experts warn this critical PHP vulnerability could be set to become a global problem
Whirlwind I Computer

Happy birthday, Director! The first operating system in the world turns 70 today
See more latest
Most Popular
Whirlwind I Computer
Happy birthday, Director! The first operating system in the world turns 70 today
Lego Mario Kart – Mario & Standard Kart set on a shelf.
Lego just celebrated Mario Day in the best way possible, with an incredible Mario Kart set that's up for preorder now
Tesla Model 3
Tesla's EV sales are plummeting – as used Model Y and Model 3 prices crash to bargain levels
TCL QM7K TV on orange background
TCL’s big, bright new mid-range mini-LED TVs have built-in Bang & Olufsen sound
A computer screen showing a spreadsheet in use.
This entire nation's public health department was found to be running on a single Excel spreadsheet
Person using Dyson V8 vacuum
Dyson vacuums have one big problem and I don't understand why
Glowing server racks inside a data center.
The dirty little secret about AI hardware that you should know about: server vendors have to wrestle with wafer thin margins and bigger customers
Joe Goldberg and Kate Lockwood sitting at a table and looking at the camera in You season 5.
Netflix releases a killer new trailer for You season 5 but my favorite character is missing from Joe's final chapter
Google Maps
Nightmare Google Maps glitch is deleting timelines, and there isn't a fix yet
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels