In an official statement issued today, the IRS announced that it has shut down an online service to obtain tax records after determining that “unusual activity had taken place on the application, which indicates that unauthorized third parties had access to some accounts on the transcript application.” An initial review of that activity revealed “access was gained to more than 100,000 accounts through the Get Transcript application,” according to the IRS statement.
After the IRS disclosed more information, it became clear the user data was not obtained because of a direct hack of government systems. Rather, weak authentication used by the IRS to protect access to taxpayer data is likely at fault. The attackers were able to acquire taxpayer records using stolen personal identifying information, possibly pulled from online financial fraud marketplaces.
The Get Transcript application, a feature of the IRS’ site that allows taxpayers to download tax return and tax payment transaction data, was apparently targeted by financial fraudsters between February and mid-May. The service was shut down last week as the IRS investigated the activity, which may have been linked to the fraudulent filing of tax returns and transfer of tax refunds. Attempts were made to access over 200,000 accounts; roughly half failed because of incorrect information inputted during the IRS’ authentication process.