In an official statement issued today, the IRS announced that it has shut down an online service for obtaining tax records after determining that “unusual activity had taken place on the application, which indicates that unauthorized third parties had access to some accounts on the transcript application.” An initial review of that activity revealed “access was gained to more than 100,000 accounts through the Get Transcript application,” according to the IRS statement.
After the IRS disclosed more information, it became clear that the user data was not obtained through a direct hack of government systems. Rather, the weak authentication the IRS used to protect access to taxpayer data is likely at fault. The attackers were able to acquire taxpayer records using stolen personal identifying information, possibly pulled from online financial fraud marketplaces.
The Get Transcript application, a feature of the IRS’ site that allows taxpayers to download tax return and tax payment transaction data, was apparently targeted by financial fraudsters between February and mid-May. The service was shut down last week as the IRS investigated the activity, which may have been linked to the fraudulent filing of tax returns and transfer of tax refunds. Attempts were made to access over 200,000 accounts; roughly half failed because incorrect information was entered during the IRS’ authentication process.
The Get Transcript Online feature of IRS.gov allows taxpayers to get “tax account transactions, line-by-line tax return information, or wage and income reported to us for a specific tax year.” To obtain a transcript online, all that was needed to start the process was a Social Security number and an active e-mail address. Once the e-mail address was confirmed as legitimate, the system would then ask a number of questions about personal, financial, and tax information—including date of birth, tax filing status, and address—before providing the transcript for download.
Read full article: http://bit.ly/1J41iT1