IRS Successfully Thwarted Hack Attempt (This Time)
The IRS has announced it successfully blocked hackers who were attempting to steal electronic filing PINs belonging to taxpayers. The attack, which took place in the prime of tax season, is the latest attempt to steal data, but fortunately for tax payers was not successful this time around. Notably, the IRS announced last year that it had suffered a data breach, one that left hundreds of thousands of taxpayers vulnerable to identity theft.
The IRS issued a statement on the cyberattack yesterday, saying it "identified and halted an automated attack" on the e-filing PIN application hosted on the agency's website. The hackers are said to have been using "personal data" acquired outside of the IRS' system (that is to say, through ways that aren't the IRS's fault) along with malware to generate PINs for tax payers' Social Security numbers.
That attempt was not successful, however, as the IRS says it stopped the attack and none of its systems provided personal details belonging to taxpayers. Affected taxpayers have been notified that someone attempted to use their data, however, enabling them to take steps to secure their other accounts and monitor their credit reports.
Affected tax payers are being notified through mail, and the IRS is marking their accounts so they'll be protected from any identity theft involving taxes.
According to the tax agency, the hackers tried to get PINs for 464,000 different Social Security numbers; of those, 101,000 "were used to successfully access an E-file PIN." The exact date of the cyberattack wasn't stated, except that it happened in January some time. This had nothing to do with the recent IRS outage, and no information has been provided about who may be responsible.
In a statement, the IRS said:
IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners.
Last year was a rough time for various government entities, including the IRS. The agency had reported a large hack that had — per initial reports — compromised 100,000 tax payers. By August, the IRS had updated its report, disclosing that more than 600,000 tax payers had been targeted, and that half or more of them had their details accessed.
In that instance, some of the hacking attacks had been blocked by authentication requirements, but others had been successful.
SOURCE: IRS