WASHINGTON (5/28/15)--Cybercriminals armed with stolen Social Security numbers and other pieces of personal data infiltrated an online service offered by the Internal Revenue Service (IRS) recently, stealing prior-year tax return information from more than 100,000 U.S. households, according to The Wall Street Journal (May 26).
The IRS said the data used by criminals to gain access to the sensitive information was stolen during unrelated incidents. The agency added that nearly 15,000 refunds totaling nearly $50 million were fraudulently paid as a result.
Between February and mid-May, roughly 104,000 attempts to gain access to earlier returns were successful, IRS Commissioner John Koskinen told The Journal, while an additional 100,000 attempts were unsuccessful.
Despite the intrusion, however, Koskinen is not calling the incident a data breach.
“This is not a hack or data breach,” Koskinen told The Journal. “These are imposters pretending to be someone who has enough information” to get more.
Still, the incident illuminates the continuing problem of massive data breaches, in which enormous amounts of consumer data is stolen.
Often, as appears to be the case with the IRS incident, criminals use the stolen data to dig for even more sensitive and potentially damaging information.
“Five years of all kinds of data breaches are coming home to roost,” Neal O’Farrell, founder of the Identity Theft Council, told The Journal. “Thieves have so much data about so many consumers that they are now able to join the dots and fill in the blanks.”
The Journal reported that to access information found on the IRS’ website, criminals had to advance through a multistep authentication process requiring prior personal knowledge about the taxpayer.
The process involved answering personal identity-verification questions such as “What was your high school mascot?”
CUNA continues to press lawmakers at the federal and state levels to pass legislation that would require merchants to uphold the same strict payment data standards imposed upon financial institutions.