IRS Security Breach: Over 700,000 Now Affected
The United States Internal Revenue Service (IRS) has been forced to admit that a scam targeting taxpayers via its “Get Transcript” application has affected far more people that at first thought – nearly 400,000 more.
In a lengthy update on Friday, the organization claimed that a review of the system following the security incident in May last year had revealed that transcript details for 390,000 additional taxpayers were probably compromised.
That brings the total figure to over 700,000 – far more than the 100,000 initially thought.
Get Transcript was launched in 2014 as an easy way for taxpayers to view, download or have mailed to them their tax transcript.
However, fraudsters soon got in on the act, using stolen Social Security and other data to pose as genuine in order to get filings and tax returns for previous years reissued to them.
The information contained in these was then used to file fraudulent returns early and claim refunds back from the IRS on behalf of their victims.
The IRS said it will be notifying all those affected from today, as well as offering free identity theft protection services and Identity Protection PINs.
“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” said IRS commissioner, John Koskinen, in a statement.
“We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”
The organization also claimed it is sharing information about this incident with the states as part of the Security Summit initiative – a partnership between itself, state revenue departments and the tax industry.
The nine-month long investigation into the security incident followed the discovery that scammers were gaming the system back in May 2015.
It was initially thought that 114,000 taxpayers were affected, but that number soon rose by 220,000 in August last year.
Source: Information Security Magazine