For the second year in a row
, the U.S.
Internal revenue service has suffered a high-profile data breach, compromising taxpayers’ E-file PIN numbers.
Hackers were able to access tax-return credentials for 101,000 social security numbers—and that figure could potentially rise as investigators seek to find
out what exactly happened.
The IRS issued a statement and said that it would notify the affected taxpayers
via mail that their information was compromised. The statement read, in part:
The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov. Using personal data stolen elsewhere
outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. An E-file pin is used in some
instances to electronically file a tax return.
No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that
their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect
against tax-related identity theft.
IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for
Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners.
The IRS said that hackers attempted to gain access to PIN numbers for around 464,000 accounts, but only succeeded with 101,000.
the IRS suffered a breach that exposed the personal information
of more than 300,000 taxpayers.
It’s another in an ever-growing list of high-profile data breaches that can cause major PR problems for the organizations affected—not to mention potential
nightmare scenarios for those whose data are used in malicious ways.