Remember when back in May 2015 the IRS took offline its Get Transcript app because it was misused by cybercriminals to access sensitive personal information of more than 100,000 taxpayers? Well, the final number is much, much higher.
In a statement released on Friday, the Internal Revenue Service said that “the Treasury Inspector General for Tax Administration conducted a nine-month long investigation looking back to the launch of the application in January 2014 for additional suspicious activity,” and discovered that approximately 390,000 additional taxpayer accounts during the period from January 2014 through May 2015 were potentially accessed, and that 295,000 taxpayer transcripts were targeted but not accessed.
“The IRS notes it is possible that some of those identified may be family members, tax return preparers or financial institutions using a single email address to attempt to access more than one account. However, in an abundance of caution, IRS will notify all taxpayers impacted,” they noted.
The notifications will be sent via snail mail, and will start going out on February 29.
All in all, around 725,000 taxpayer accounts are believed to have been accessed. The IRS upped the original number from May 2015 by 220,000 in August 2015 – add to this this latest one (390,000) and you get that sizeable total.
All affected taxpayers – those whose accounts have been accessed and those that haven’t, but have been targeted – are advised to request an Identity Protect PIN, which will provide an additional layer of protection for the taxpayer’s SSN on the federal tax return, and will be offered free identity theft protection services for a year.
The IRS has also said that they will be placing extra scrutiny on tax returns with taxpayers SSNs, and special markers on these taxpayer accounts so that IRS assistors knows that they have been targeted in this scheme.
The Get Transcript app will remain offline until the Service implements enhanced taxpayer-identity authentication protocols.
Also, it’s not the only IRS app that has been misused by cyber crooks. Some two weeks ago, the Service announced that the Electronic Filing PIN application on the IRS.gov website has been targeted in an automated attack, and the criminals made off with E-file PINs of some 101,000 US taxpayers.