Tax Season 2016 – IRS “Get Transcript” Got Hammered!

Published On March 5, 2016 | By Tom Huskerson | Tax Season


irs-seal-logoIn a devastating admission the IRS has announced the number of taxpayers PINs compromised has doubled again. In May of 2015 the IRS announced that there were 114,000 breached accounts. Then, in August, it added 390,00 to that number. Now the number sits at 724,000 breached accounts. The hackers were hard at work as the IRS also reported hackers unsuccessfully targeted an additional 295,000 taxpayer transcripts. Now the number of unsuccessful attempts is 570,000. 

Hackers are using the hacked accounts to file false tax returns and stealing tax refunds. Hundreds of millions of dollars have been stolen in this manner and the victims usually don’t know it until they file their return only to have them rejected.

The IRS has begun notifying the new victims and those whose accounts were attacked but not breached. IRS Commissioner John Koskinen said in a statement that “The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft and these mailings are part of that effort. We are moving quickly to help these taxpayers.”

According to the IRS hackers were able to access people’s social security numbers and personal details through their website called “Get Transcript.” Get Transcript was launched in January 2014 on the IRS website. The application enabled taxpayers to view and download their transcript or order previous years of tax filing information.

According to the agency taxpayers used the ‘Get Transcript” tool to download about 23 million transcripts in its first few months of  2015 when it was introduced. The service supposedly used extensive security measures to thwart cyber criminals such as asking for Social Security numbers, addresses and birthdays.  The “Get Transcript” function was shut down in May of 2015.

In more sickening news Krebsonsecurity.com reported that the IRS’s attempts to protect last year’s tax fraud victims was also a total failure. Krebs reported that the IRS mailed 2.7 million of the six digit PINs to prior year tax identity theft victims. But the IRS also allowed taxpayers to retrieve their PIN from the IRS website. The same authentication procedures used by the identity thieves to file the fraudulent tax returns in the first place.

Hackers did not attack the IRS computer systems directly. According to experts the information that allowed the criminals to hack accounts came from online searches and social media accounts. Much of the personal information needed to answer security question can be found on sites like Facebook. Another indicator that sharing too much information can be very bad.

Jeff Markley, a tax technician with Burch & Associates Inc. in Lincoln, said, “The culprits already had information through various things. Through social media, you can Google yourself and find out all sorts of sensitive information, like your birth date.”

According to identity theft experts limiting the amount of information shared online is the best way to prevent becoming a victim of identity theft.  Also don’t click on attachments and links in an email unless you are certain of what they are. Don’t talk to people claiming to be the IRS over the phone. The IRS only contacts taxpayers via the mail.

The embarrassments for the IRS continue.  According to a recent report from the Online Trust Alliance six of 13 IRS approved tax preparation companies failed to provide adequate security to its customers. The companies are all members of the IRS’s Free File Alliance. This group provides free tax preparation and e-filing for an estimated 100 million federal tax returns. The Online Trust Alliance reported the following services failed an online security audit.

  1. 1040.com
  2. 1040now.net
  3. Fileyourtaxes.com
  4. Free1040taxreturn.com
  5. Jacksonhewitt.com
  6. Online Taxes at OLT.com

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. He attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has returned to focus on writing both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle. Most recently Tom has launched the blog African American Cyber Report. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

One Response to Tax Season 2016 – IRS “Get Transcript” Got Hammered!

Leave a Reply

Your email address will not be published. Required fields are marked *