Another day, another U.S. government agency under attack by cybercriminals, it seems.
Today’s target: Everyone’s favorite branch of the federal machinery: the Internal Revenue Service.
IRS officials have confirmed that they have identified an automated attack on its computer systems, aimed at getting information usable for boosting tax refunds. The attack leverages stolen personal data (stolen from elsewhere) to generate E-File PIN numbers. Once those PINs are generated, identity thieves create a false filing and snap up a false refund.
So far, the IRS has identified 464,000 attempts to attain fraudulent E-File PINs. Of those, about a quarter (101,000) were successful in obtaining an E-File PIN.
No personal taxpayer data was taken, and the IRS has notified those whose personal information criminals attempted to use.
An agency spokesman said identity thieves would typically need much more data than an E-File PIN to file a fraudulent return.
Senate Finance Committee Chairman Orrin Hatch (R-UT) says he will ask the agency’s head questions about the multiple breach attempts.
“While it appears that the IRS was able to successfully block this attempted breach this time around, it’s past time we fundamentally rethink our approach in authenticating taxpayers and processing tax returns,” Sen. Hatch said.