Editor’s Note: This story first appeared at LegalTechNews, an ALM property. Click here to view the original post.
Filing taxes is never a worry-free task, but for some taxpayers, the 2014 tax season just got a little more stressful. The Internal Revenue Service (IRS) is reporting that a major cyberbreach has compromised the sensitive information of as many as 100,000 American taxpayers, according to comments made by U.S. IRS Commissioner John Koskinen on May 26.
Among the information potentially compromised were Social Security numbers, birthdates and addresses. The IRS says that while hackers made over 200,000 attempts to access information, only around 100,000 households were affected.
According to a release issued by the IRS, the stolen records were compromised via the Service’s’ “Get Transcript” portal, which allows taxpayers to request tax documents for loan approvals, mortgage applications and other financial related tasks. The agency said that the hackers first collected information through an as of yet unidentified third-party, which made clearing the multi-step verification process of “Get Transcript” service possible. Affected citizens will be notified via mail, and will be offered a year of credit monitoring by the IRS.
“While it’s too soon to assess the real damage caused by the IRS data breach, the potential harm is almost incalculable,” Craig Newman, a partner with Patterson Belknap Webb & Tyler told Legaltech News. “The IRS has estimated that perhaps $50 million in fraudulent refunds were issued as a result of the compromised tax returns, but what we don’t know is what else will be done with the trove of personal information contained in these tax returns.”
For now, the transcript request service has been suspended and the event is pending investigation of by the Treasury Inspector General for Tax Administration and the IRS’s Criminal Investigation unit. The IRS has stated that the breach was a concerted effort by a sophisticated hackers unit, which made efforts to collect information on taxpayers and access their information through “Get Transcript” starting in February 2014.
“Data breaches are not just becoming more sophisticated, but are increasingly malicious,” Newman pointed out. “And, as the IRS breach shows, it’s becoming more difficult to protect private information even when armed with detailed cyber and data security threat assessments.”
The event is the most recent in a series of high-profile attacks that have compromised personal identifiable information from large organizations. This particular incident points out potential issues with the resources and staffing at the disposal of government agencies.
“In the aftermath of a breach like this, tough questions will be asked. Were there early warnings that this was happening? Did the fact that half of the attempts to gain access to taxpayer information were unsuccessful trigger any alarm bells?,” Newman said. “These are only a few of the questions that the IRS will be called upon to answer over the coming weeks.”