Just when you thought it was safe to let your guard down, cyber-criminals have blindsided us again. This time they’ve used the Internal Revenue Service’s “Get Transcript” application to gain access to approximately 100,000 taxpayer accounts.
The IRS released a statement Tuesday stating the government agency is “working aggressively to protect affected taxpayers and strengthen [their] protocols even further going forward,” after learning that hackers used “non-IRS sources” to access data, including Social Security information, dates of birth and street addresses associated with the accounts of nearly 100,000 taxpayers. The IRS said the security breach occurred when criminals gained access to its online Get Transcript application, which has since been shut down pending a full investigation by the Treasury Inspector General for Tax Administration.
According to the IRS, “the online application will remain disabled until the IRS makes modifications and further strengthens security for it.”
The data breach was limited to the Get Transcript application, said an IRS representative. The main IRS computer system that manages tax filing submissions was not affected and remains secure.
Reports state that the criminals were able to gain access to the accounts by obtaining information specific to the certain taxpayers, which allowed them to navigate the Get Transcript authentication process, which includes asking the user to answer several personal questions to confirm their identity. The IRS said, since February, there have been about 200,000 attempts to access taxpayer’s Get Transcript accounts from “questionable email domains – of which, about 100,000 were successful.
Expect to receive a letter in the mail if your account was one of the 200,000 accounts targeted. And if your account was one of those that were compromised, your letter will provide additional information, including specific instructions to access free credit monitoring services that will be provided by the IRS to ensure your data is not being used in other financially damaging ways. According to the IRS, the letters started going out this week.
Concerned about identity theft as a result of this breach? Click here to learn what to do if your identity is stolen or if your personal information is compromised.
If you are a business owner, do you have protocols in place to protect your business from a cybercriminal?Email Rea & Associates to learn how you can protect your business from a cyberattack. You can also get some useful tips and information in the related articles below.
By Lesley Mast, CPA (Wooster office)