Tech

Identity thieves attack IRS E-File system

The Internal Revenue Service has stopped an attack on its E-File system that was looking to use stolen social security numbers to generate sham login information.

By Greg Otto

February 10, 2016

The IRS stopped a cyberattack on its E-File online tax portal that aimed to use stolen Social Security numbers to generate fake accounts that could be used to submit fraudulent returns.

The tax agency said identity thieves used an automated software bot sometime last month in an attempt to generate E-File PINs for stolen Social Security numbers. An E-File PIN is sometimes used to electronically file a tax return.

IRS cybersecurity experts are currently assessing the situation, but they have already identified unauthorized attempts involving approximately 464,000 unique Social Security numbers, of which 101,000 were used to successfully access E-File PINs.

No personal taxpayer data was compromised or disclosed by IRS systems, the agency said.

The IRS is notifying affected taxpayers by mail as well as marking their accounts to protect against tax-related identity theft.

The incident is not related to last week’s hardware failure, which knocked various tax tools offline for 24 hours.

The announcement comes as top IRS officials are making round rounds before Congress.

IRS commissioner John Koskinen testified before the Senate Finance Committee on Wednesday, while IRS Chief Technology Officer Terry Millholland, Deputy Commissioner for Operations Jeff Tribiano and Director of Privacy Ed Killen will testify Thursday before the House Committee on Oversight and Government Reform.

Last year, data taken from third-party sources was used to access 320,000 taxpayer accounts through the IRS’ “Get Transcript” application.

In President Barack Obama’s proposed 2017 budget, the IRS would get $62 million for cybersecurity, $14 million more than what was requested across the rest of the Treasury Department.

Contact the reporter on this story via email at greg.otto@fedscoop.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.

Identity thieves attack IRS E-File system

More Like This

Federal data, security leaders release zero-trust guide ahead of White House deadline

Agencies face ‘inflection point’ ahead of looming zero-trust deadline, CISA official says

Federal CIO: The TMF has been vital to government’s improved cybersecurity stature

Top Stories

EPA CIO Vaughn Noga details slew of new modernization efforts underway

OpenAI further expands its generative AI work with the federal government

USAID updated policy to allow use of Signal, Telegram in some circumstances

Commerce looking to publish AI-ready data guidance in coming months

GSA chief advocates for simplified cloud buying, ‘best value’ contracting as Congress considers legislation

How federal IT officials are navigating the post-AI executive order ‘hype cycle’

More Scoops

Tax watchdog says IRS hasn’t completed key IPv6 modernization requirements

Former IRS staffer who managed IT contracts pleads guilty to bribery charges

IRS still faces security challenges in aftermath of taxpayer data leak

IRS should bring back Technology Retirement Office, watchdog says

How the IRS’s ‘cautious’ approach with Direct File prevented its ‘failure’

IRS needs funding shift to continue ‘transformational’ modernization work, national taxpayer advocate says

IRS defends use of biometric verification for online FOIA filers

Latest Podcasts

The Biden administration releases a new zero-trust data guide; How the GSA is working to teach federal employees about AI prompt engineering

How CMS is approaching AI adoption with CDSO Andrea Fletcher

What AI means for public sector training and upskilling

What’s at stake in the AI national security memo; the DOD braces to modernize defenses against quantum hacking

Tech

Defense

Cyber

FedScoop TV