The Internal Revenue Service on Tuesday night said it identified a cyberattack on its systems aimed at stealing tax refund data.
“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen Social Security numbers,” the agency said in a statement Tuesday evening. “An E-file pin is used in some instances to electronically file a tax return.”
Related Story: http://www.washingtonexaminer.com/article/2582789
The agency said it identified approximately 464,000 Social Security numbers targeted in the attack, of which 101,000 were used to successfully access an E-file PIN. However, no additional personal taxpayer data was compromised in the attack, and the information stolen likely is not enough to file fraudulent returns. The agency said it would be working to notify taxpayers who were targeted.
Senate Finance Chairman Orrin Hatch, R-Utah, said he anticipated questioning IRS Commissioner John Koskinen on the issue at a hearing on Wednesday.
“While it appears that the IRS was able to successfully block this attempted breach this time around, it’s past time we fundamentally rethink our approach in authenticating taxpayers and processing tax returns,” Hatch said.
The agency added that the breach took place last month, and was unrelated to a systems outage that took place last week. While the cause of that outage is still unknown, House Oversight Chairman Jason Chaffetz, R-Utah, said that from his perspective, “it may be a hack.”
Related Story: http://www.washingtonexaminer.com/article/2582463
Last year, hackers also stole information on more than 330,000 taxpayers for the agency’s “Get Transcript” database, which held data on old tax returns.
