Security Watch

Keeping Track of patches and hacks in the IT security world.

2015 IRS Breach Much Worse Than First Thought

A nine-month investigation reveals that attackers accessed the IRS accounts of about half a million taxpayers.

Download the authoritative guide:

IRS breach

The U.S. Internal Revenue Service is warning that a 2105 breach of its Get Transcript application is significantly worse than first reported.

In May 2015, the IRS publicly confirmed that information on 114,000 American taxpayers was exposed due to a breach of the IRS' Get Transcript application. After an additional nine months of investigation, the IRS is now increasing its publicly disclosed estimate on the number of American taxpayers who were impacted. The IRS now says approximately 390,000 additional taxpayer accounts show evidence of unauthorized access, bringing the total number of potentially impacted taxpayers to about half a million.

The Get Transcript service enables taxpayers to obtain a statement of their tax account transactions, including line-by-line tax return information as well as income reported to the IRS for a given tax year. The service has been offline since the breach was first disclosed in 2015. While the number of impacted taxpayers impacted is high, it actually could have been even worse.

The IRS reported that an additional 295,000 taxpayer transcripts were targeted that the attackers were unable to access. The 2015 IRS investigation had originally reported that an additional 111,000 taxpayer transcripts were targeted but not accessed.

"The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort," IRS Commissioner John Koskinen said in a statement. "We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers."

Since the launch of the Get Transcript service in 2014, the IRS has provided 47 million transcripts to U.S taxpayers, 23 million of which were ordered in the 2015 tax filing season. As such, only a small percentage of taxpayers were targeted, and an even smaller percentage were impacted.

However, that's not any consolation to the half million Americans who were impacted. They now at least will benefit from some additional identity theft protection services thanks to the IRS. The IRS is providing impacted taxpayers with free Equifax identity theft protection products for one year. Additionally, taxpayers can request what is known as an Identity Protect PIN from the IRS.

"An IP PIN provides an additional layer of protection for the taxpayer's SSN [Social Security number] on the federal tax return," the IRS stated.

It's important to note that at this point in the investigation, the IRS is still claiming that the attackers were able to make use of personally identifiable information obtained from other sites, as opposed to a direct compromise of the IRS' systems. That's a phenomenon that was a real challenge in 2015 and will be this year too. In fact, Hewlett Packard Enterprise has dubbed 2015 the year of collateral damage.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.