Between February and May fraudsters used compromised consumer information to obtain more detailed tax payer data via the IRS’s “get transcripts” web service for consumers. The IRS estimates there were 200,000 unauthorized attempts or lookups to gain access to copies of previous year tax returns, more than half of which were successful, leading to as much as $39 million in fraudulently claimed tax refunds.
Much of the information that fraudsters were not able to use this year, because the victim had already filed their tax return, may be utilized when it comes time to file next year. While fraudsters were able to gain access to last year’s tax returns for more than 100,000 consumers, only 13,000 led to tax filings that the IRS accepted. About 35,000 of the consumers who had this information compromised had already filed legitimate tax returns while an additional 33,000 did not file at all this year. The IRS estimates that they blocked 23,500 fraudulent returns made on the behalf of these breach victims, but there were 13,000 tax returns the IRS accepted associated with the victims of this breach. At this time it is uncertain the exact number of these that were legitimate returns and which were filed by fraudsters, but in total these represent $39 million in tax refunds.
The IRS has taken measures to make tax information more accessible to legitimate taxpayers, but fraudsters will try to take advantage of these features and services as well. IRS Inspector General J. Russell George led an audit of the IRS’ interactive computer applications in March which identified many areas in which the IRS “could better protect taxpayer data.” The audit included 44 recommendations which have not yet been implemented.
For more information: