IRS suffers another data breach

By Sally P. Schreiber, J.D.

The IRS revealed on Tuesday that it discovered and stopped an automated cyberattack on its e-filing personal identification number (PIN) system last month. According to the IRS, the cybercriminals used information stolen “elsewhere outside the IRS” to generate e-file PINs for stolen Social Security numbers (SSNs). E-file PINs are used by some taxpayers to electronically file their tax returns.

Although no personal taxpayer data were compromised or disclosed by the breach, the IRS noted that the cybercriminals succeeded in using 101,000 SSNs to access e-file PINs (out of 464,000 attempts).

The IRS is notifying the affected taxpayers and placing tax return identity theft markers on their accounts. It is also continuing to closely monitor the Electronic Filing PIN application against further breaches.

The IRS also said it is working with other agencies and the Treasury Inspector General for Tax Administration to assess the problem and has shared information with Security Summit state and industry partners. It said the breach was not related to last week’s e-filing shutdown.

The news follows closely on last summer’s announcement that a breach of the IRS Get Transcript system resulted in the theft of some 334,000 taxpayers’ tax data (see prior coverage here).

Sally P. Schreiber (sschreiber@aicpa.org) is a JofA senior editor. 

SPONSORED REPORT

Click-through nexus: Pushing the boundaries of sales tax compliance

Sales and use tax compliance has been complicated by nexus expansion. In this report, we provide an overview of this issue and include a handy state-by-state summary of click-through nexus or notification requirements.

QUIZ

News quiz: Surveys gauge attitudes toward IRS and economy

Recent news reported about perceptions of IRS service during the recent tax filing season and of the U.S. and global economy during the second quarter. See how much you know about recent news with this quiz.

CHECKLIST

Auditing risks in culture

Cultural flaws can seriously damage an organization. Here’s how internal auditors can reduce risks by embedding culture audits into existing audit programs.