By using the IRS’s “Get Transcript” online system, thieves were able to order copies of other filers’ tax returns through the use of personal data, such as Social Security numbers, dates of birth and street addresses. The thieves were then able to claim $29 million worth in fraudulent tax refunds.
The IRS has inadvertently paid out billions to identity thieves in the past thanks to similar breaches, but it hopes that recent protection efforts will put a stop to the practice. According to a recent report by the New York Times, the agency has announced a new partnership with state tax authorities and private tax preparation firms that will result in the creation of a stronger authentication process for accessing copies of tax returns.
“We have come to realize we are now dealing with a much more sophisticated enemy than in the past,” IRS Commissioner John Koskinen said at a recent press conference. “It’s clear that criminals have been able to gather increasing amounts of personal data as the result of ongoing data breaches at various sources outside the tax system.”
As part of the new requirements for accessing sensitive information, the IRS will crosscheck all returns filed electronically with Internet addresses and computers to make sure that the filer is the legitimate taxpayer. The agency will also check how long it takes to complete an electronic tax return, for further evidence that the filings are legitimate. Tax preparers will be responsible for transmitting this information to their state and the federal government.
“For the first time, everyone in the software industry will share aggregated details about their filings to help us all identify fraud,” Koskinen added. He noted that the “changes are being built into the D.N.A. of the entire tax system.”
The IRS will also ask Congress to take action to make tax returns more secure. Koskinen accused legislators of neglecting the agency’s budget and leaving it in a position where it has been unable to react to new pressure from domestic and international identity thieves. Among the many suggestions he proposed, Koskinen said that Congress should require employers to send out W-2 forms earlier so that it would be easier for them to help the IRS spot fraud.
Taxpayers won’t be filing returns again for almost a year, but it is important for them to consider their risks leading up to that point in advance. The most recent IRS breach was not sophisticated. As many experts have pointed out, all of the information needed to access this tax information was available online to those who were willing to dig for it. All it took was a stolen financial document, an online account breach or even an intercepted email, and identity thieves were able to claim fraudulent refunds.
Even in light of upcoming reforms, it is important to be aware of identity theft risks. Consider signing up for a credit monitoring service, which can alert you in the event that certain activity possibly indicative of fraud appears on your credit files.