Request a Demo
Welcome to the Cygilant Blog

Organized Criminals Breach IRS

Posted by Vijay Basani on Jun 3, 2015

The Internal Revenue Service has been breached by an organized ring of identity thieves. These criminals tried to gain access to the information of 200,000 taxpayers, and succeeded in breaching half of those records.


Through the “Get Transcript” application on the IRS’s website, taxpayers are able to request a transcript of their previous filings. The hackers used the “Get Transcript” application to gain access to confidential taxpayer records. The application was targeted this filing season, from early February to mid-May. The application has been taken down, but taxpayers can still request for a transcript to be delivered to them through ground mail. Before the IRS took down the transcript application, taxpayers downloaded 23 million transcripts safely.


In order to gain this confidential taxpayer information, the cyber criminals had to get through the IRS’s multi-step identity authentication process. The identity thieves needed to know information like street addresses, and spouse names, which could be obtained from stolen credit bureau records. Security experts also suspect that these cyber criminals bought identity-verifying information from other hackers. These particular cyber criminals could have bought stolen records from the Anthem data breach, and from the Home Depot data breach.


The IRS’s website also asked personal questions to verify identity. One question asked what the tax filer’s mascot was in high school. The identity thieves were able to find this information by going through social media accounts, and perhaps by using tools that automate log-in submissions. Taxpayers are concerned that the hackers were able to get through these personal security questions with a 50% success rate.


The cyber criminals’ presence was first noticed when IRS employees realized that an inordinately large amount of taxpayers were requesting transcripts. At first, the IRS thought that they were suffering a DDoS attack, since the increase in traffic was so significant. Then they realized that hackers were using the “Get Transcript” application to steal information.  


The IRS says that the hackers were able to get $50 million from 15,000 fraudulent returns before the employees discovered this breach. Last year, the IRS paid $5.8 billion in false returns. IRS Commissioner John Koskinen believes that the hackers must have had access to sophisticated technology to conduct this data breach. The hackers calculated this hack, and broke into the IRS’s system without injecting any malware. The IRS’s computer systems were not hacked, but their website was. This calculated data breach shows how important it is for federal agencies to detect suspicious activity as soon as possible. With EiQ SecureVue, federal agencies can have continuous compliance monitoring to detect vulnerabilities. EiQ SecureVue provides for fast and easy event reporting and searching, and alerts Information Assurance Managers to suspicious or unusual activity. With EiQ SecureVue, federal agencies can keep their data safe from organized crime.

Tags: Data Breach, Hacking, SecureVue

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Popular Posts

Posts by Topic

See All