Data Breach Forces IRS to Remove E-Filing PIN Feature
The IRS no longer offers taxpayers its e-filing PIN (Electronic Filing Personal Identity Numbers) tool. The feature offered an alternative signature verification when filing tax returns electronically. Why has the IRS decided to remove this security feature?
Compare multiple vetted providers. Discover your best option.
Back in February of this year, cybercriminals stole over 100,000 e-File PINs numbers. According to the IRS’s report, the hackers were not able to access taxpayer’s information. The cybercriminals used a sophisticated bot and 464,000 sets of unique SSNs and their corresponding names and addresses to obtain e-File PINs through the IRS’s website. The IRS only stopped the attackers’ bot after it obtained over 101,000 PINs.
A bot is hacker jargon for robot, one of the most sophisticated crimeware tools available to cybercriminals. Bots infect computers and create a network of infected machines called a botnet. Criminals use botnets to perform a wide variety of tasks, such as completing fraudulent applications on the IRS’s website.
Initially, the IRS decided to keep e-File PINs and phase them out later this year. The IRS continued using e-File PINs because they were embedded in all commercial tax filing software products. Removing them could have jeopardized their functionality during the busy tax filing season.
However, the IRS’s tax fraud squad recently detected a surge of attacks using e-File PINs. This caused the IRS to bring forward its plans to discontinue their use. Dropping the use of e-File PINs will not affect most taxpayers. The IRS also uses last year’s adjusted gross income as an alternative signature verification. If you don’t have access to your tax return, you can request a copy through IRS’s Get Transcript tool. The Get Transcript tool is not flawless either. Last Summer, hackers obtained access to 700,000 accounts and their respective SSNs and birthdates.
IRS Tax Fraud Squad Saved $1.1 Billion from Hackers During the Filing Season
The IRS’s newly established Security Summit partnership has certainly kept busy this tax season. The partnership of federal, state, and private-sector institutions works together to protect taxpayers from identity theft and refund fraud schemes.
In the first four months of 2016, the IRS stopped identity thieves from stealing $1.1 billion on over 171,000 tax returns. Part of the IRS’s success has been thanks to leads reported by tax filing companies, such as TurboTax and H&R Block. Private-sector partners flagged 36,000 suspicious tax returns for further review, which saved taxpayers $148 million in fraudulent claims.