IRS Reports Theft Of More Than 100,000 Taxpayers' Information
AUDIE CORNISH, HOST:
The IRS says some 100,000 taxpayers had their data stolen from the agency's computers, including Social Security numbers and back tax information. The agency says it determined late last week that unusual activity had taken place and that the affected taxpayers will be given free credit monitoring services. NPR's Brian Naylor joins us now with more of the details, and, Brian, just how was this data stolen? How can it be used?
BRIAN NAYLOR, BYLINE: Audie, the IRS says this was a pretty sophisticated operation. It took place between February and March, and what the fraudsters were doing was trying to get tax information using a link on the IRS website called Get Transcript. That information, that transcript, includes back tax returns and other data. It's typically used by people applying for mortgages and that sort of thing. And the idea is that with this information a criminal could better file a fraudulent return down the road, say, next year because they'd have a more complete record of the taxpayer and could easier fool the IRS safeguards in place. And so to get this transcript, the criminals needed to know not just a taxpayer's, you know, information and name and Social Security number and that, but also they would have to answer an authenticator question, like where were you married or what was your high school mascot?
CORNISH: And where would that information come from?
NAYLOR: Well, IRS Commissioner John Koskinen says it probably came from social media - Facebook pages, that kind of thing. Koskinen spoke during a conference call with reporters this afternoon.
(SOUNDBITE OF ARCHIVED RECORDING)
JOHN KOSKINEN: This is not a hack in the normal sense of people just running around looking for passwords and trying to hack into the system. These are a set of people who are, as to say, imposters of the taxpayer. They weren't getting any data from us. They showed up with all the information and then tried to use it as best they could.
CORNISH: So now that the IRS knows about this operation, what are they doing about it?
NAYLOR: Well, Koskinen says they took the link Get Transcript down, and, in addition, they're offering the free credit monitoring. And the inspector general and the IRS criminal investigation office is looking into it. They also say the breach did not affect the main computer system that handles tax filing submissions. That system remains secure. And they also sent out letters - the IRS did - to all 200,000 taxpayers whose accounts had attempted access. So it was only half of those that the access was actually given.
CORNISH: Brian, does the IRS know how much it actually paid out in these fraudulent returns?
NAYLOR: Well, Koskinen says it's hard to know for sure at this point because the information that was obtained may be, you know, intended for filing fraudulent returns next year. But so far, they think they've paid out under $50 million fraudulently.
CORNISH: And yet, this is not the first time the IRS has had trouble with fraudulent returns this year, right?
NAYLOR: No, right. You know, it's become an increasingly serious problem. You may recall TurboTax stopped handling state tax returns earlier this year when it appeared that people were using that service to file fraudulently. But this problem doesn't appear to be related to the TurboTax issue.
CORNISH: And who does the IRS say is responsible for this latest breach?
NAYLOR: They say it's a very complex operation - probably organized crime syndicates.
CORNISH: That's NPR's Brian Naylor. Brian, thank you.
NAYLOR: Thanks, Audie. Transcript provided by NPR, Copyright NPR.