The IRS announced that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through the IRS “Get Transcript” application. This data included Social Security information, date of birth and street address. These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer.
The matter is under review by the Treasury Inspector General for Tax Administration as well as the IRS’ Criminal Investigation unit, and the “Get Transcript” application has been shut down temporarily. The IRS will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed. In total, the IRS has identified 200,000 total attempts to access data and will be notifying all of these taxpayers about the incident.
As always, the IRS takes the security of taxpayer data extremely seriously, and they are working aggressively to protect affected taxpayers and continue to strengthen our protocols.
The IRS notes this issue does not involve its main computer system that handles tax filing submission –that system remains secure.
By Melinda Nelson, CPA