Although the Internal Revenue Service (IRS) tries very hard to secure taxpayer information, thieves have found ways around them. Taxpayers, more than ever, are the victims of stolen refund payments and identity fraud. Through sophisticated means, cyber-criminals are most likely using information gathered from other sources besides the IRS to gain access to taxpayers’ data.
The IRS has never had a data breach of its database, but hackers are outsmarting the security measures by answering security questions correctly and have been able to commit fraud. Data from previous hacks on the Office of Personnel Management and Anthem Blue Cross could have been in the thieves’ possession and might have been used to gain access to the Get Transcript and Identity Protection Pin systems as well as other IRS systems. The Offer in Compromise IRS program did not completely omit social security and employer identification numbers from files available to the public. The information had already been retrieved once the IRS became aware of the issue.
The increase in breaches of federal government websites started in 2015 with 77,183 cyberattacks reported–a 10% increase from 2014. As the IRS continues to move taxpayer activity online, the risk of a data breach increases resulting in a need to improve defective security measures such as authentication and encryption features. The implementation of security recommendations from the Government Accountability Office (GAO) has not been carried out completely and may have resulted in stolen taxpayer information used by unscrupulous individuals. Agencies are careful with consumer information, but not enough.
Photo courtesy of freedigitalimages.net/SalvatoreVuono
