The IRS announced Tuesday, May 26, 2015 that criminals used taxpayer data acquired from non-IRS sources to gain access to information through the IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street address.
The IRS determined that unauthorized third parties gained access to some accounts on the Get Transcript application. Following the IRS’ initial review, it appears that about 200,000 attempts were made from questionable email domains, and more than 100,000 of those attempts successfully cleared the authentication hurdles in place on the Get Transcript application.
The IRS has disabled the Get Transcript application and has taken immediate steps to protect taxpayers, including:
- The IRS will send a letter to all of the approximately 200,000 taxpayers whose accounts had attempted unauthorized access. The letter is to notify them that third parties appear to have had access to their Social Security numbers and other personal financial information.
- The IRS is also offering free credit monitoring for the approximately 100,000 taxpayers whose Get Transcript accounts were accessed. This protection is to ensure that the taxpayers’ information isn’t being used through other financial avenues. These taxpayers will receive specific instructions on how to sign up for the free credit monitoring service.
- The IRS is also marking the taxpayer accounts on their core processing system to flag for potential identity theft in order to protect taxpayers going forward.
The IRS letters mentioned above are scheduled to be mailed out starting later this week and will include details for taxpayers about the credit monitoring and other steps. At this time, no action is needed by taxpayers outside the affected groups.
This matter is currently under review by the Treasury Inspector General for Tax Administration and IRS offices, including Criminal Investigation.
The IRS has emphasized that this is an isolated incident only involving the Get Transcript application. Other IRS systems including the core taxpayer accounts or Where’s My Refund application were not involved.
Please contact Somerset to assist you with any questions related to this data breach or the Identity Theft Process.