Thieves using stolen Social Security numbers attempted to access E-file PINs at the IRS but didn’t compromise or expose taxpayer information.
Advertisement
Using stolen social security numbers (sourced from outside the IRS), the bot was used to generate E-file PINs from the stolen social security numbers.
The IRS says it won’t ask for payment over the phone and that it notifies taxpayers who owe money by mail.
The IRS states it has “identified unauthorized attempts involving 464,000 unique SSNs”.
For example, if you filed a tax return a year ago with an address in Florida, Georgia or the District of Columbia, you could choose to apply with the IRS for an IP PIN.
Ironically, an E-Filing PIN is a sort of second factor of authentication (2FA), that you need, along with other personal data, when submitting online tax returns. Got a question for the IRS on your taxes? Although the law requires employers to give employees their W-2s by January 31, most state tax agencies (and the IRS) usually don’t get the information until April. Security experts contacted by eWEEK are not surprised that the IRS is once again reporting an attack against its systems. It works with victims of identity theft and assists them in removing fraudulent tax information from their accounts and in filing corrected tax returns, if necessary. So, honestly we can not help but be aware that ID thieves want to cook up ways to claim a $3,000 or $6,000 tax refund using your Social Security number and name. Seriously. Why do we ignore some opportunities, such as possibly requesting something called an “IP-PIN”, which is an option to avoid using your Social Security number? “Taxpayers must be able to trust that IRS employees will protect their sensitive information, not steal it and corrupt it for personal gain”. Though the IRS has stated that no personal taxpayer data was compromised or disclosed in the new attack, JP Bourget, CEO of Syncurity, noted that there is still a real risk. “There’s also the angle of now your account is flagged and the uncertainty of how that affects a taxpayer over time and what hidden costs may arise from that”.
Advertisement
“While of great concern, this latest report of a cyber intrusion involving the IRS is not surprising in light of the vast inventory of PII (in particular Social Security numbers) in the hands of hackers as a result of countless breaches in the past few years”, said Adam Levin, chairman and founder of IDT. “That may help stop the next, similar assault on a high-value target”.
