IRS Commissioner: More than 1 million daily hacking attempts

Printed from:

( — IRS Commissioner John Koskinen told the Senate Finance Committee on Tuesday that the Internal Revenue Service’s computers “withstand more than 1 million malicious attempts to access them each day.”

“We work continuously to protect our main computer systems from cyber attacks and to safeguard taxpayer information stored in our databases. These systems withstand more than 1 million malicious attempts to access them each day,” Koskinen said in his opening statement.

Koskinen said the IRS has made “steady progress in protecting against fraudulent refund claims and criminally prosecuting those who engage in this crime,” but he said the type of criminal it deals with has changed.

“The problem used to be random individuals filing a few dozen or a few hundred false tax returns at a time. Now we’re dealing more and more with organized crime syndicates here and in other countries,” he said.

“They are gathering, as the chairman noted, almost unimaginable amounts of personal data from sources outside the IRS so they can do a better job of impersonating taxpayers, evading our return-processing filters and obtaining fraudulent refunds,” Koskinen added.

To combat this “complex and evolving threat,” the IRS joined with leaders of the electronic tax industry, the software industry, and the states to create the Security Summit Group” in March 2015, Koskinen said.

“This is an unprecedented partnership that is focused on making the tax filing experience safer and more secure for taxpayers in 2016 and beyond. Our collaborative efforts have already shown concrete results this filing season. For example, Security Summit partners have helped us improve our abilities to spot potentially false returns before they’re processed,” he added.

In written testimony to the committee, Koskinen said the IRS “initially identified approximately 114,000 taxpayers whose transcripts had been accessed and approximately 111,000 additional taxpayers whose transcripts were targeted but not accessed” during last year’s tax filing season.

“We offered credit monitoring, at our expense, to the group of 114,000 for which the unauthorized attempts at access were successful. We also promptly sent letters to all of these taxpayers to let them know that third parties may have obtained their personal information from sources outside the IRS in an attempt to obtain their tax return data using the Get Transcript online application,” he wrote.

“One aspect of the IRS’s efforts to help taxpayers affected by identity theft involves the IP PIN, a unique identifier that authenticates a return filer as the legitimate taxpayer,” he wrote. “If the IRS identifies a return as fraudulently filed, the IRS offers the legitimate taxpayer the ability to apply for an IP PIN for use when filing their next return.”

The IP PIN is mailed to the taxpayer’s address of record and is valid for only one tax filing season. The IP PIN program began in 2011. Since then, the program “has grown significantly,” Koskinen wrote.

For the 2016 tax filing season, the IRS issued IP PINs to 2.7 million taxpayers identified as victims of identity theft or participants in a pilot program. Participants of the pilot program live in Florida, Georgia, and Washington, D.C. – areas with “high concentrations of stolen identity refund fraud.”

— Written by Melanie Hunter