Data Breach at the IRS

On June 2, 2015, IRS Commissioner Koskinen testified that the IRS suffered a data breach to its “Get Transcript” application.  The data breach occurred between mid-February and mid-May.  Approximately 200,000 accounts were targeted with approximately 104,000 of those targets being successful.

What is the “Get Transcript” application?  It is an online program at that will allow you to obtain text versions of annual tax filings including information about your income, dependents, employment, social security number and address to name a few.  In order to obtain this transcript, the taxpayer must answer a series of questions designed to authenticate their identity.  The answers to these questions are designed so that only the taxpayer would know them.

So how could the criminal know these taxpayer specific answers?  With the increasing electronic environment we live in, data is more readily available to those criminals who know how to access it.  Social media also enables the information gathering as taxpayers share personal information about themselves that could help someone to beat the authentication process.

As the need to access data electronically increases, the focus on fraud prevention becomes more important.  The IRS has stated that no other application was targeted such as the main IRS computer system.  The IRS is working with state tax agencies as well as tax software companies to continue finding ways to make taxpayer information more secure.  The IRS is actively enforcing tax fraud and identity theft when it is discovered.  In June, a Florida man convicted of identity theft in a scam to claim $1.8 million in false refunds was sentenced to 27 years in federal prison.

As data security becomes more important, we should be aware of our role in the process.  Some steps you can take to avoid being a victim include changing passwords periodically, making sure your computer is secure, only giving out your social security number when it’s absolutely necessary, and checking your credit report annually.

It is the responsibility of the IRS, state taxing agencies, tax preparers and others to protect the information that is entrusted to them.  It is also important for taxpayers to take an active role in identity protection.