IRS' Get Transcript full service is back online
New enhanced security process again allows for direct transcript downloads
CT DMV computer mess messes up 50,000 auto tax bills

Tax watchdog says IRS missed thousands of hacked 'Get Transcript' accounts

Sometimes you just have to feel sorry for the Internal Revenue Service.

The federal tax agency finally brings its Get Transcript online service back fully online after more than a year and BAM! It gets smacked.

IRS Get Transcript back June 7 2016Click image to go to the new, more secure Get Transcript website.

The Treasury Inspector General for Tax Administration today issued a report charging that that the IRS missed some taxpayers whose information fell into criminal hands in last year's Get Transcript hack.

What the crooks were after: The online Get Transcript tool, which now requires a tougher, two-step authentication process in order to use it, lets folks once again download their prior tax filing information.

Tax transcripts are full of filers' data and are used frequently by folks applying for loans, but who don't have copies of their actual IRS filings to verify their income. That's why the online download option was such an appealing target for identity thieves.

When the IRS disabled Get Transcript's online component on May 21, 2015, the agency also confirmed that the hackers had indeed obtained some data from the application. The IRS believes that some of this taxpayer info may have been gathered to file fraudulent tax returns.

Following the hack, the IRS offered taxpayers whose accounts were accessed free credit monitoring. It also flagged affected taxpayer accounts, which the hack investigation found ultimately reached 334,000, to protect them from tax identity theft attempts.

Hacked accounts overlooked: But, says TIGTA in its report, the IRS missed some taxpayers whose personal and tax data fell into identity thieves' hands.

So much for feeling good that you didn't get a letter from the IRS last year, right?

"Our analysis of system audit logs created between January 1, 2014, and May 21, 2015, identified 620,931 taxpayers whose tax account information involved a potentially unauthorized access not identified by the IRS," says TIGTA in long, but thoroughly titled report The Internal Revenue Service Did Not Identify and Assist All Individuals Potentially Affected by the Get Transcript Application Data Breach.

"Further analysis of these access attempts found that potentially unauthorized users were successful in obtaining access to 355,262 of the taxpayers' accounts," adds TIGTA.

OK, that's not too far off the 344,000 final number that the IRS reported.

Originally unidentified found: But, TIGTA says it also identified 2,470 additional taxpayers whose accounts were targeted through the Get Transcript application breach that the IRS did not identify.

These accounts fell through the cracks because, according to the report, the IRS erroneously excluded three system error codes when it identified accounts of potential victims.

"In addition, the IRS did not place identity theft incident markers on the tax accounts of 3,206 taxpayers who the IRS identified as affected by the Get Transcript application breach," says TIGTA.

So that's a potential 5,676 more taxpayer accounts that crooks could have to use in their identity theft and tax fraud efforts.

And, notes TIGTA, the IRS did not offer an Identity Protection Personal Identification Number (IP PIN) or free credit monitoring to 79,122 individuals whose tax accounts the IRS identified as being involved in the hack.

The exponential effect: Also note the use of the word "accounts" in describing what the hackers got their hands on. The distinction is important.

A taxpayer account could be for a jointly filing couple and/or couples and individuals claiming dependents, so hackers could have data on more than just one person filing a single tax return.

Yeah, even more folks are now feeling not so good even though they didn't get a letter from the IRS last year about the Get Transcript hack.

Finally following up: TIGTA questioned the IRS as to why it didn't place the potential ID theft marker on all tax accounts.

The agency's management agreed that all affected taxpayer accounts need the identifier so all returns can be inspected for possible fraud. The agency now is making sure that all affected taxpayer accounts receive the marker.

That was one of eight recommendations that TIGTA made to the IRS in the wake of the Get Transcript hack. They are:

  1. Implement additional evaluative methods to identify all individuals affected by the breach.
  2. Issue notification letters to 620,931 taxpayers whose accounts were potentially targeted and place identity theft incident markers on their accounts.
  3. Ensure that authentication system error codes are analyzed when responding to future data breaches.
  4. Notify the additional 2,470 taxpayers identified and place identity theft incident markers on their accounts.
  5. Place identity theft incident markers on the 3,206 taxpayer accounts, as required.
  6. Revise notification letters to enable taxpayers to more easily identify the individuals whose personal identification information was accessed in any future security breaches.
  7. Ensure that established procedures are followed to identify errors in letters and to verify the sequential order of letters against the letter production plan before the letters are mailed.
  8. Issue an IP PIN to all whose Social Security numbers were used by unauthorized individuals in failed attempts to access the Get Transcript application.

The IRS agreed to the first seven recommendations. But, says TIGTA, the agency disagreed with the final recommendation that it issue IP PINs to the 79,122 individuals whose tax information the hackers unsuccessfully tried to access.

IRS officials did acknowledge the potential inconsistency in its IP PIN issuance policy, according to TIGTA, which reported that agency officials did say they would consider the inconsistency in future IP PIN policy decisions.

Taxpayers be vigilant: Getting IRS to go along with seven of eight suggestions is good. But the tax oversight unit of the Treasury Department says it still is concerned that "the lack of prompt action on this issue leaves these taxpayers' accounts at an increased risk of fraud."

While the IRS follows up on most, but not all, of TIGTA's recommendations, it's a good idea for all of us, whether we were part of the Get Transcript hack or not (or unsure …) to always be vigilant when it comes to our tax and personal financial data.

Remember, while Get Transcript was hacked, the crooks were able to get into some taxpayer accounts by using personal data they obtained elsewhere.  So keep an eye on everything!

You also might find these items of interest:


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.