A letter from the Internal Revenue Service rarely is good news. It’s even worse when the communication informs you that a criminal has your tax data.
That is what has happened to around 100,000 taxpayers. The IRS says crooks obtained taxpayers’ personal identification information elsewhere and then used it to gain access to the filers’ tax transcripts.
The unauthorized access was through the agency’s “Get Transcript” option. With this online tool, a person can immediately obtain a tax return transcript, which shows most line items contained on the return as it was originally filed. This substitute IRS document contains enough information for many financial transactions, including mortgage application verification.
Outside info used to get tax data
To get the transcript, the criminals needed the real taxpayer’s Social Security number, date of birth and street address. They got this data, says the IRS, from outside sources.
Armed with that identifying data, the crooks then were able to make it through a multi-step authentication process, which included correctly answering several personal verification questions that typically are only known by the taxpayer.
The tax agency isn’t pointing any fingers when it comes to the source of the taxpayer information needed to get the transcripts, but the IRS does call the access scheme sophisticated.
“These attempts were quite complex in nature and appear to have started in February and ran through mid-May,” according to a statement the IRS issued on the incident.
As for the tax dollars lost to the transcript crooks, IRS Commissioner John Koskinen says preliminary numbers show less than $50 million was fraudulently claimed.
Not many, but disconcerting
While 100,000 unauthorized tax transcripts were accessed, the IRS says that in all about 200,000 attempts to get taxpayer data were made from questionable email domains.
The agency also points out that the breach was small compared to the total number of legitimate transcripts taxpayers download. During this filing season, the IRS notes, taxpayers downloaded approximately 23 million valid transcripts.
Of course, if you’re one of the statistically minuscule 100,000 whose transcripts were stolen, the numbers don’t matter to you. The IRS recognizes this and this week will begin mailing letters to affected individuals.
Credit monitoring to be offered
All 200,000 targeted taxpayers, regardless of whether their accounts were accessed, will be notified. For the 100,000 taxpayers whose transcripts were accessed, the IRS is offering free credit monitoring. The letters will contain details on how to sign up for the credit protection.
The IRS also is flagging the affected taxpayer accounts to protect taxpayers against tax identity theft, for the current tax season and in 2016. It is possible, says the agency, that the criminals plan to use some of these transcripts for tax return identity theft and fraudulent filing next filing season.
The identity break-in is under investigation by IRS Criminal Investigation unit, as well as the Treasury Inspector General for Tax Administration. The “Get Transcript” application has been shut down and will remain offline until the IRS makes modifications and security upgrades.
As for the rest of the taxpaying public, the IRS says the incident does not involve any of the agency’s other systems, such as core taxpayer accounts or other online applications, such as “Where’s my refund?”
Still, I suspect the IRS will see some drop in taxpayer use of its popular online options. Will you be one of those shying away from the agency’s Web offerings? If you are ever an identity theft victim, Bankrate details a 12-step program to help clear your name and credit.
Worried there may be mistakes on your credit report? Check it for free at mybankrate.com.