Stolen data used to breach US tax returns system

Criminals gained access to past returns of more than 100,000 people

Dealing with fraudulent tax claims has been a challenge for the IRS as cybercrime has grown more sophisticated in recent years. The agency paid $5.8 billion in falsely claimed refunds in 2013.
Dealing with fraudulent tax claims has been a challenge for the IRS as cybercrime has grown more sophisticated in recent years. The agency paid $5.8 billion in falsely claimed refunds in 2013.

Criminals used stolen data to gain access to past tax returns of more than 100,000 people through an application on the US Internal Revenue Service’s website.

Using Social Security numbers, birth dates, street addresses and other personal information obtained elsewhere, the criminals completed a multistep authentication process and requested the tax returns and other filings, the IRS said.

Information from those returns was used to file fraudulent returns, the IRS said, and the agency sent nearly $50 million in refunds before it detected the scheme.

"We're confident that these are not amateurs," John Koskinen, the IRS commissioner, said. "These actually are organised crime syndicates that not only we but everybody in the financial industry are dealing with."

READ MORE

The agency has opened an investigation into the breach and has temporarily shut down the Get Transcript application, which was used to gain access to the information. More than 200,000 attempts to view the past returns using stolen information were made from February to mid-May, and about half were successful. It is unclear whether the criminals were operating inside or outside the United States.

Dealing with fraudulent tax claims has been a challenge for the IRS as cybercrime has grown more sophisticated in recent years. The agency paid $5.8 billion in falsely claimed refunds in 2013. “Eighty percent of the identify theft we’re dealing with and refund fraud is related to organised crime here and around the world,” Koskinen said. “These are extremely sophisticated criminals with access to a tremendous amount of data.”

This year, the IRS stopped almost 3 million suspicious returns, Koskinen said, and officials say that new computer filters that look for anomalies have helped prevent identity theft. Senate Finance Committee aides said Koskinen called the committee's chairman late last week to notify him of the breach. The committee kept it quiet while law enforcement officials opened the investigation. "That the IRS - home to highly sensitive information on every single American and every single company doing business here at home - was vulnerable to this attack is simply unacceptable," Hatch said.

The breach is likely to prompt the Obama administration to redouble its efforts to increase the IRS’ budget, which has been cut 18 per cent since 2010, adjusting for inflation. Since 2010, the agency has shed more than 13,000 employees, or 14 per cent of the workforce, with nearly 10,000 lost jobs coming from the enforcement staff, which is down 20 per cent since 2010.

- The New York Times News Service