In an official statement issued today, the IRS announced that it has shut down an online service to obtain tax records after determining that “unusual activity had taken place on the application, which indicates that unauthorized third parties had access to some accounts on the transcript application.” according to an official statement by the agency. An initial review of that activity revealed that “access was gained to more than 100,000 accounts through the Get Transcript application,” according to the statement. The data was obtained not because of a hack of IRS systems, but because of the weak authentication used by the IRS to protect access to taxpayer data. The attackers were able to obtain taxpayer records using stolen personal identifying information—likely pulled from online financial fraud marketplaces. The Get Transcript application, a feature of the IRS’ site that allows taxpayers to download tax return and tax payment transaction data, was apparently targeted by financial fraudsters between February and mid-May. The service was shut down last week as the IRS investigated the activity, which may have been linked to the fraudulent filing of tax returns and transfer of tax refunds. Attempts were made to access over 200,000 accounts; roughly half failed because of incorrect information during the IRS’ authentication process. Read 8 remaining paragraphs | Comments
View post:
IRS system mined for over 100,000 taxpayer records by fraudsters [Updated]
