The US tax collection agency, the Internal Revenue Service (IRS), has identified an automated attack that was carried out on its computer systems to gain access to scores of social security numbers (SSNs) of taxpayers and steal Electronic Filing (E-file) PINs. An E-file PIN is used to electronically file a tax return.
According to the IRS, a total of 101,000 of 464,000 unique SSNs were used by attackers to access E-file PINs. The malware attack was carried out by identity thieves (ID thieves), who used stolen personal data to generate E-file PINs for the stolen SSNs. However, personal data of the taxpayers was not compromised or disclosed by the systems, the IRS has said.
The agency said it will notify affected taxpayers through email about their personal information being used to access the IRS application. It has also promised to protect those affected against any tax-related ID theft.
Currently, cybersecurity experts at IRS are investigating the attack. The IRS is working along with other agencies such as Treasury Inspector General for Tax Administration.
The malware attack, which took place in January, has no connection to the outage of IRS tax processing systems that occurred recently, the IRS has confirmed.
The IRS experienced a hardware failure that affected a number of tax processing systems, including the modernised e-file systems along with other related systems on 3 February. As a result of the failure, a number of taxpayer and tax practitioner tools were unavailable, besides various services such as My Refund.
The systems were back to normal and started accepting individual and business tax returns late on 4 February. It, however, anticipated that nine out of 10 taxpayers would receive their refunds within 21 days.
John Koskinen, the IRS commissioner said, "IRS teams worked throughout the night and around the clock on this system outage. Taxpayers should see little, if any, impact on their tax returns or refunds. We apologize for the inconvenience this caused, and we appreciate the support and patience from taxpayers as well as our partners in the tax community and state revenue departments."
This is not the first attack by ID thieves. Earlier in May 2015, data thieves had stolen information of some 100,000 taxpayers.