Identity thieves used social security numbers and other data to access the tax filings of more than 100,000 Americans this year, the IRS has admitted. In a statement, IRS commissioner John Koskinen said the "Get Transcript" feature, which which allows people to access tax returns and other filings from previous years, was targeted by "extremely sophisticated criminals" who were then able to obtain an estimated $50 million in fraudulently claimed tax refunds.
Security researcher Brian Krebs wrote about the problem back in March, but the IRS said it was was only alerted to the thefts when technicians noted a higher-than-usual number of people using the Get Transcript feature from February to mid-May. Koskinen said that of 23 million downloaded transcripts, there were more than 200,000 attempts to use the feature — which has been temporarily disabled — from "questionable email domains." More than 100,000 of those attempts cleared the IRS' authentication procedures.
Thieves got the filings through the 'get transcript' feature
Although it admits to paying millions of dollars to crooks, the tax agency says its central computer system is still secure, and that the social security, address, and other personal information for taxpayers was obtained elsewhere. Koskinen didn't specify where that information had come from, but said that 80 percent of the identity theft the IRS was dealing with related to organized crime, and that the people involved had access to a "tremendous amount of data."
Congress is asking the IRS for more details about the case, but if the agency can keep the amount it pays to data-stealing crooks to $50 million, it will be an improvement on previous years. Just two years ago, in 2013, Koskinen said the IRS paid out $5.8 billion in fraudulent refunds to identity thieves.