Identity Thieves Breached IRS Computer Systems, Agency Says -- Update
10 February 2016 - 1:03PM
Dow Jones News
By Laura Saunders and Richard Rubin
The Internal Revenue Service said Tuesday that it identified an
automated attack on its computer systems aimed at getting
information that could be used to steal tax refunds.
The agency said identity thieves last month used personal data
of taxpayers that was stolen elsewhere in an attempt to generate
e-file personal identification numbers to file fraudulent returns
and claim tax refunds.
E-file PINs are used by some individuals to file their tax
returns. The numbers are different from Identity Protection PINs,
which the IRS gives victims of tax ID theft to protect them from
future issues.
The agency said it identified unauthorized attempts to obtain
e-file PINs for 464,000 Social Security numbers, of which 101,000
successfully accessed an e-file PIN.
No personal taxpayer data was disclosed by IRS systems, the
agency said. The IRS is notifying affected taxpayers by mail that
their personal information was used by criminals. The IRS said it
is protecting their accounts against tax ID theft.
An agency spokesman said identity thieves would typically need
much more data than an e-file PIN to file a fraudulent return.
The agency also said the incident is unrelated to last week's
outage of IRS tax processing systems.
Senate Finance Committee Chairman Orrin Hatch (R., Utah) said he
would question IRS Commissioner John Koskinen about the issue at a
previously scheduled hearing Wednesday.
"While it appears that the IRS was able to successfully block
this attempted breach this time around, it's past time we
fundamentally rethink our approach in authenticating taxpayers and
processing tax returns," Mr. Hatch said.
Over the past year, the IRS, state tax officials and
tax-preparation firms have conducted a campaign to combat the
growing problem of tax-refund fraud, a crime in which thieves use
stolen personal information to file a return claiming a fraudulent
refund. If the swindler is able to use information from a real
taxpayer's prior returns, the fake return could be harder for
federal and state fraud filters to detect.
In 2015, hackers stole the personal information of more than
330,000 taxpayers from the IRS's "Get Transcript" database, which
provided data from prior returns.
Write to Laura Saunders at laura.saunders@wsj.com and Richard
Rubin at richard.rubin@wsj.com
(END) Dow Jones Newswires
February 09, 2016 20:48 ET (01:48 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.