The U.S. Internal Revenue Service (IRS) has identified an automated attack on its computer systems that it says is aimed at getting information that could be used to steal tax refunds, The Wall Street Journal reported.
Identity thieves last month used personal taxpayer data stolen elsewhere to generate e-file personal identification numbers to file fraudulent tax returns and claim refunds.
Some individuals use E-file PINs to file tax returns. These numbers are different from identity protection numbers (PIN)s that the agency provides victims of tax ID theft to protect them from future problems.
464,000 Social Security Numbers
The agency has identified unauthorized efforts to gain e-file PINs for 464,000 Social Security numbers, of which 101,000 accessed an e-file PIN.
The agency said no personal taxpayer information was disclosed by IRS systems. It is advising affected taxpayers by mail that criminals used their personal information. The agency said it is protecting accounts from tax ID theft.
An IRS spokesman said identity thieves would usually require much more data than an e-file PIN to file a fraudulent return.
The agency said the incident is not related to an outage last week of Internal Revenue Service tax processing systems.
Also read: Hackers net 5.6 million fingerprint records in U.S. government breach
Senator To Question IRS Commissioner
Sen. Orrin Hatch (R., Utah), the Senate Finance Committee chairman, said he would ask IRS Commissioner John Koskinen about the issue at a previously-scheduled hearing today.
“While it appears that the IRS was able to successfully block this attempted breach this time around, it’s past time we fundamentally rethink our approach in authenticating taxpayers and processing tax returns,” Hatch said.
IRS, state tax officials and tax-preparation firms have sought to combat the tax-refund fraud over the past year. Thieves use stolen personal data to file a return claiming a fake refund. If a thief can use information from a taxpayer’s prior returns, the fraudulent return can be harder for federal and state fraud filters to detect.
Hackers in 2015 stole personal information from over 330,000 taxpayers from the IRS “Get Transcript” database, which included data from prior returns.