Massive IRS data breach much bigger than first thought
A massive data breach at the IRS was much bigger than was first realized. The agency now says more than 700,000 social security numbers and other sensitive information may have been stolen.
Hackers used the "Get Transcript" program, which allows you to check your tax history online. The IRS began the online program two years ago, allowing taxpayers to request their tax history over the Internet, in addition to the post office. But following a nine-month investigation by the Treasury inspector general for tax administration, the IRS says its online service has put hundreds of thousands of more taxpayers at risk of identify theft, reports CBS News correspondent Jan Crawford.
Not even Virginia-based tax attorney, Wayne Zell, was protected from hackers.
"Somebody was trying to claim a refund using my social security number and I knew something was wrong," Zell said. "I got a form earlier this week stating that somebody had recovered my E-File personal identification number. I don't have an E-File personal identification number."
The IRS's data dump is the latest in a series of disclosures. In May 2015, the agency reported cyber criminals accessed approximately 114,000 taxpayer accounts. Three months later, that number grew to as many as 334,000. This month, the IRS said there are as many as 724,000 victims.
"The IRS is frankly not doing enough to protect us," said Steve Weisman, a senior lecturer at Bentley University and an expert in identity theft. "The very fact that it takes them so many months to even analyze the depth of the problem shows you that there are probably more identity theft that is going on."
The IRS said hackers used personal information gathered from other online sources - like bank accounts - to answer personal identity questions on the "Get Transcript" forms.
One possible culprit is the IRS-approved tax preparers. According to an audit conducted by the non-profit online trust alliance, six out of 13 IRS-approved companies failed at providing adequate security to customers.
"We're often our own worst enemies because there are times that we don't use proper passwords, we don't use proper security," Weisman said.
The IRS said they are notifying the hacked taxpayers by mail, as well as offering free identity protection for a year.
In a statement, the agency said it's "committed to protecting taxpayers on multiple fronts against tax-related identity theft... We are moving quickly to help these taxpayers."
"Short of changing your social security number, which I understand only witness protection program victims can do, I don't really we have a solution yet, but I think we need to search for one," Zell said.
The online viewing and download feature of "Get Transcript" has been suspended since May 2015. The IRS is working to restore that part of the service with enhanced security to protect taxpayer identities.