Skip Tags

Popular Tags

Decorative icon

The Resource Center Identity Theft & Protection The Resource Center | article

GAO: IRS Not Doing Enough to Stop Breaches

A new report suggests that the IRS is not doing enough to stop data breaches.

Though the IRS has taken several steps in recent years to curb the rise of identity theft through fraudulent tax returns, the agency may not be doing enough to keep people safe, argues a new report from the Government Accountability Office. Though tax season is still many months away, it is important for all filers to be aware of any security problems that may afflict the agency.

According to the GAO, thieves may have stolen as much as $3.1 billion from taxpayers in 2014, despite multiple layers of protection designed to stop them. In addition, the government watchdog writes that if further steps are not taken, this number could continue to rise. The report alleged that “sources of stolen identities are limitless,” and that the information that thieves glean from stolen tax returns can then be sold on the black market and used to commit further crimes.

“Identity thieves can hack into government or commercial systems, recruit insiders (such as employees in the healthcare or education industries) to steal PII [personally identifiable information], or purchase, or put pieces of PII together to create an identity,” read the report. It is clear that thieves have many ways to break into the system, even as the government tries to stop them.

Though we may not have the numbers for exactly how much was stolen from taxpayers in 2015, we do know that the IRS suffered a massive data breach last year which shocked policymakers and the general public. As we've noted on our blog, thieves used the agency’s “Get Transcript” system to order hundreds of thousands of copies of tax returns that did not belong to them – using stolen personal data. Then, this year, another breach affected another 100,000 taxpayers. Thieves used Social Security Numbers that had already been stolen to access Electronic Filing PINs, which taxpayers typically used to securely file their returns online. The IRS was actually forced to temporarily suspend this tool in April as it sought to determine where its most glaring weaknesses were located.

What does the GAO recommend?

One of the programs that the IRS put in place to prevent breaches was the Taxpayer Protection Program. This acts as a security wall by asking users personal questions that only they would know the answer to. However, the GAO found that this system is imperfect. The IRS may have paid out as much as $30 million to thieves who filed about 7,200 returns that passed the TPP test, according to the GAO report. It may be difficult to guess or steal personal information used to access tax filings, but it isn’t impossible, and this proves it.

The GAO suggested that the agency update its TPP risk assessment, which it has not done since 2012. This includes developing new measures of identity theft so it will be easier for the IRS to determine whether certain instances of fraud are occurring without being noticed. The IRS may develop more difficult questions for certain high-risk returns, according to a report by Government Executive.

Regardless of what the IRS does, you should be taking precautions on your own to prepare yourself for the possibility of identity theft. After all, it can happen to anyone. An identity theft protection service like Identity Guard can help by monitoring your credit files, Social Security Number and public records. Our service will alert you to certain activity that could be indicative of fraud, allowing you to take action.