How Did Taxpayers' Info Get Hacked at the IRS?

WASHINGTON – The Internal Revenue Service has determined that about 104,000 taxpayers experienced identity theft recently as a result of computer hackers entering an agency application and security steps are being taken to assure the calamity doesn’t occur again.

Appearing before the Senate Finance Committee, IRS Commissioner John Koskinen reported the recent occurrence of numerous unauthorized attempts to obtain taxpayer data through the agency’s “Get Transcript” online application, intended to provide taxpayers with access to their previous year’s returns, remains under investigation.

“While we are continuing our in-depth analysis of what happened, the analysis thus far has found that the unauthorized attempts to request information from the ‘Get Transcript’ application were complex and sophisticated in nature,” Koskinen said. “These attempts were made using taxpayers’ personal information already obtained from sources outside the IRS – meaning the parties making the attempts had enough information to clear the Get Transcript application’s multi-step authentication process.”

Koskinen said the IRS recognizes “the severity of the situation for these taxpayers” and the agency is doing everything possible to regain the information.

“Securing our systems and protecting taxpayers’ information is a top priority for the IRS,” Koskinen said. “Even with our constrained resources as a result of cuts to our budget totaling $1.2 billion since 2010, we continue to devote significant time and attention to this challenge.”

Hackers, he said, have proved able to gather increasing amounts of personal information of taxpayers as a result of data breaches at sources outside the IRS, rendering “protecting taxpayers increasingly challenging and difficult.”

“Get Transcript” allows taxpayers to view and print a copy of their prior-year tax transcript in a timely fashion. Prior to the introduction of the online tool, taxpayers had to wait five to seven days after placing an order by phone or by mail to receive a paper transcript by mail.

Koskinen said taxpayers use tax transcript data for a variety of reasons, including verifying income when applying for a mortgage or student loan.

The IRS cybersecurity team first noticed unusual activity on the “Get Transcript” application in the middle of May. At that time, investigators thought the agency might be facing a “denial of service” attack, an event involving an attempt by hackers to try to disrupt a website’s normal functioning.

“Our teams worked aggressively to look deeper into the situation during the following days and ultimately uncovered questionable attempts to access the ‘Get Transcript’ application,” Koskinen said. “As a result, the IRS shut down the ‘Get Transcript’ application on May 21. The application will remain disabled until the IRS makes modifications and further strengthens security for the application.”

Koskinen assured the committee that the hackers did not attempt to gain access to the main IRS computer system that handles tax filing submissions.

“We believe it is possible that some of the attempts to access tax transcripts were made with an eye toward using the information to file fraudulent tax returns next year,” Koskinen said. “For example, any prior-year return information criminals obtain would help them more easily craft seemingly authentic returns, making it more difficult for our filters to detect the fraudulent nature of the returns.”

Now that the application has been closed, Koskinen said, the agency’s biggest concern is to make sure affected taxpayers are protected against fraud in the future. Immediate steps have been taken to assist the affected taxpayers in protecting their data against fraud.