The taxpayer security hits keep on coming for the Internal Revenue Service.
One of the biggest security breaches to ever hit the federal tax agency was when hackers, using taxpayer information obtained elsewhere, broke into the “Get Transcript” tool. This online application lets people get copies of their prior tax filings.
Now investigators with the Treasury Inspector General for Tax Administration, or TIGTA, have found “additional suspicious attempts” to access taxpayer accounts.
The TIGTA report released last week says around 390,000 additional taxpayer accounts could be compromised. Add those to the 334,000 accounts the IRS’ own internal investigation ultimately identified as at risk and that’s almost three-quarters of a million taxpayers whose personal info could be in the hands of identity thieves.
In addition, TIGTA found another 295,000 taxpayer transcripts were targeted, but the criminals weren’t able to get the accounts.
724,000 at-risk tax accounts
The 724,000 or so possibly stolen taxpayer accounts might be a bit high.
The IRS says that some of the suspicious email attempts to access accounts found by TIGTA could have been legitimate. They might have come from the taxpayers’ family members, tax return preparers or financial institutions.
However, the IRS says that “in an abundance of caution,” it this week started sending letters to taxpayers whose accounts might have been stolen through the Get Transcript tool in 2014 and 2015.
“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” said IRS Commissioner John Koskinen in a statement on the IRS’ website. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”
IRS help for taxpayers
If your tax account is at potential risk for identity theft, here’s what you can expect from the IRS.
The agency is notifying by mail those taxpayers whose transcripts were accessed and those taxpayers whose transcripts were targeted but not accessed. These mailings will provide details on what steps you should take.
Don’t fall for any calls you might get purporting to follow up on the Get Transcript incident. This will be yet another attempt by ID thieves pretending to be IRS agents in an effort to get your personal information.
If you get a letter, you can request an Identity Protect Personal Identification Number, or IP PIN, by filing Form 14039. An IP PIN will provide an added layer of protection when you file your federal tax return.
The IRS also is offering taxpayers whose returns were accessed a free Equifax identity theft protection product for one year. The agency recommends that these individuals place a fraud alert on credit accounts.
You also should check your credit report for any suspicious activity. Free tools to do that are available at myBankrate.com.