The criminals who hacked their way into 104,000 taxpayer accounts at the IRS last month may have fooled the agency into paying out up to $39 million in fraudulent tax refunds, IRS Commissioner John Koskinen told a Senate committee Tuesday.
Koskinen confirmed to the Senate Finance Committee that about 100,000 accounts were successfully breached last month through the “Get Transcript” application on the IRS site. Many of those accounts had already filed a tax return for 2014, but many others didn’t, and some of those accounts may have been used to file fake requests for tax refunds.
“Of the approximately 100,000 successful attempts to access the Get Transcript application, only 13,000 possibly fraudulent returns were filed for the tax year 2014, for which the IRS issued refunds totaling $39 million,” he said.
Koskinen said the IRS is currently investigating whether any of these refunds were improperly claimed by thieves who used public information to access those accounts. “We’re still determining how many of these returns were filed by actual taxpayers, and which were filed using stolen identities,” he said.
Koskinen said the IRS has identified the 13,000 “suspect returns” for which the IRS issued refunds. The $39 million in refunds being investigated amounts to an average of about $3,000 for each “suspect return” being examined.
Of the remaining accounts that were hacked, about 35,000 had already filed their 2014 tax return. Koskinen said that means they should not be affected, because any attempt to file a new return would be automatically rejected by the IRS system.
He said “unsuccessful attempts” were made to file another 23,500 fraudulent returns, but he said the IRS stopped those. “These 23,500 returns were flagged by our fraud filters and stopped by our processing systems before refunds were issued,” he said.
Koskinen repeated that IRS computers were breached using publicly available data, and said the IRS servers are still “secure.” The IRS has said thieves were able to get Social Security numbers and other data through other sources to impersonate people and get into the IRS system that way.
Republicans in Congress have been cutting IRS funding over the last few years, a response to overspending on conferences and the decision to slow-walk requests from conservative groups seeking tax-exempt status.
But the top Democrat on the Finance Committee, Sen. Ron Wyden, D-Ore., said Congress needs to respond to the cyberattack with more funding for an improved IT system.
“To protect taxpayers from this onslaught of cybercrime, the IRS needs a 21st century IT system,” Wyden said.
