IRS illustration by Thursday Review

Photo composition by Thursday Review

IRS Data Breach Worse Than Originally Reported
| published August 18, 2015 |

By Thursday Review staff

A breach of the computer network of the Internal Revenue Service in the early spring of 2015 was far worse than officials with the IRS or other government agencies first stated. In May, IRS officials reported that the data of more than 110,000 taxpayers may have been compromised in a sophisticated cyber-attack which bypassed security measures and went undetected for more than a month. The attack may have begun as early as February, and continued into April.

But now the IRS says the actual number of Americans whose information may have been stolen totals three times that figure—exceeding 334,000.

The hackers used a popular application called “Get Transcript” as a side-door access to IRS records, which ultimately may have exposed names, addresses, Social Security numbers, past earnings, and birth dates. The FBI and other investigators believe the hackers stole the information as part of a growing wave of phony tax form submissions and tax fraud, a problem which has increased exponentially over the last five years.

In May, IRS computer experts shut down the external website “Get Transcript” and severed its portal to IRS records. At that time, officials with the FBI and the IRS hinted that the culprits may have been Russian, or had strong links to Russian criminal organizations.

The IRS says it will contact all taxpayers whose information may have been compromised by the data breach. The agency will offer free credit monitoring, and will request that taxpayers impacted by the cyber-attack enroll in a separate program using a unique ID number and password.

The “Get Transcript” program was a tool designed to make it easy for taxpayers to access their past tax records and forms. It could also be used to gather past data for student loans and some types of mortgage refinance options. The hackers developed a code which tricked the IRS security measures into allowing the thieves into the tax archives, and into individual taxpayer records.

Fraudulent tax returns have become a costly problem for Americans. Estimates are that there were about $1.1 billion in phony returns in 2011; $3.5 billion in 2012; $5.8 billion in 2013. Figures for 2014 are not yet fully available, but some watchdog groups and independent non-governmental organizations suggest that the total could approach $9 billion for last year, indicating that the problem has grown exponentially worse and will continue to grow.

Much of the tax fraud is centralized in specific cities and towns in Russia and China, where scores, even hundreds of payments may be made to the same street address. According to the Associated Press, IRS records indicate that one single mailing address in Lithuania received more than 650 tax refunds in 2012. Tampa, Florida is considered the tax fraud capital of the U.S., as in the past three years some mailing addresses have received hundreds of refund payments in a single month.

The early spring 2015 data breach was halted when IRS computer experts happened to see an unusual spike in the number of people using the “Get Transcript” application. Upon closer examination, they realized that many of the requests were coming from the same IP addresses or from the same networks. Networking supervisors immediately shot down the program and then went about developing a more reliable firewall.

Related Thursday Review articles:

Taxpayer Information Stolen From IRS Website; Keith H. Roberts; Thursday Review; May 27, 2015.

More Than 22 Million Impacted by Cyber-Attack; R. Alan Clanton; Thursday Review; July 9, 2015.