Last year, the IRS contacted 334,000 taxpayers about a breach in their site that led to possible ID theft and tax fraud. This week, the IRS has added another 390,000 taxpayers to that list, which more than doubles the initial estimate and brings the total number to more than 700,000. This could lead to many more taxpayers having their personal information used for fraudulent tax return filing or other types of ID theft, including opening lines of credit in their name.
Where The Problem Began
The initial attack, which was reported last May, was on the IRS’ website in the “Get Transcript” portal. In this section, taxpayers are able to find tax returns and previous filings. Although this can be very beneficial for taxpayers, it ended up being a spot of weakness to the site. The hackers were able to access records by clearing a security screen asking personal information about the taxpayer. Previously, the IRS stated that the hackers were able to gain access by already having information to sensitive personal data, including social security numbers, from non-IRS sources. The IRS has also said that there around 300,000 more taxpayers were targeted but their information was not accessed. The IRS believes that the theft may be part of a Russian criminal operation.
How Does This Differ From Fraudulent Tax Return Filing
The IRS is also known for being a site of another type of identity theft: fraudulent tax filing. This breach is different than the thousands of fraudulent tax returns filed every year to the IRS by people who have stolen other people’s personal information. This instance was simply a hack into the system to steal valuable personal data. However, because the breach includes so much sensitive information, the data could be used to conduct tax return fraud in the future.
The IRS Responds
The IRS has already contacted some taxpayers about the hack and will continue to contact those affected. They will provide complementary ID theft protection services and will have a special ID number for filling their tax returns. It is important that if you receive any information from the IRS about this hack, that you ensure that it is legitimate. There may be some individuals who choose to capitalize on the IRS’ efforts to help taxpayers and instead use the information for fraudulent purposes. The IRS generally communicates through the mail.
It is always a good measure to take some preliminary measures to protect yourself from identity theft, including protecting your social security information and other sensitive data. You can also routinely check your credit report for any fraudulent entries. There are many ID theft protection services you could use for extra security if you feel as though you may be vulnerable.