Users of the Internal Revenue Service’s Get Transcript service are at risk for identity theft after the agency reported today that personal records belonging to more than 100,000 taxpayers had been accessed by hackers.
Get Transcript is unavailable currently on the IRS.gov website; the service provides users with tax account transaction information, line-by-line tax return information or wage and income reported to the IRS for a given year.
The Associated Press reported this afternoon that tax returns and other tax information on file with the agency were accessed. The attackers, the IRS told AP, had access to the system from February to the middle of this month, and beat security checks that require a user to enter personal information such as Social Security numbers, dates of birth, tax filing statuses and street addresses. A criminal investigation is under way.
“The IRS notes this issue does not involve its main computer system that handles tax filing submission; that system remains secure,” the IRS said in a statement provided to AP.
The report adds that 200,000 attempts to access the service were made from “questionable email domains.” More than half of those attempts were successful in getting past authentication checks.
The agency added that the attackers already were in possession of personal information belonging to the affected taxpayers; the IRS said it is notifying those affected.