The US Internal Revenue Service (IRS) has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim of filing fraudulent tax returns and funneling the returned money to their own bank accounts.
The attack was performed by an automated bot. Its objective was to extract PINs from the Electronic Filing PIN application on the IRS.gov website. The app creates 5-digit PIN codes for those who want to file their tax returns online, and the code is used to authenticate the filer’s identity.
“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers,” the IRS explained.
“Based on our review, we identified unauthorized attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an E-file PIN.”
The appropriate authorities have been informed of the matter, and the Service’s own cybersecurity experts are “assessing the situation.”
The IRS says that no personal taxpayer data was compromised, and that taxpayers affected by this incident will be notified by mail. Finally, their accounts will get additional protection: the IRS will flag them to protect against tax-related identity theft.
The IRS says that this attack had nothing to do with last week’s outage of IRS tax processing systems.
The Service suffered a similar attack last year, when cybercriminals were able to steal tax forms full of personal information belonging to more than 100,000 taxpayers through the IRS’ Get Transcript application. Later, the number of affected users was amended – it was actually 300,000.