WASHINGTON — Thieves hacked the accounts of more than 350,000 taxpayers and used the data to file fraudulent tax returns, according to according to an audit prepared by the U.S. Treasury Inspector General for Tax Administration.
The data breach involved the Internal Revenue Service’s online Get Transcript service, which allows taxpayers to view and download tax information on its website. The report said “potentially unauthorized users” were able to access and obtain tax transcripts from 355,262 taxpayer accounts between Jan. 1, 2014, and May 21, 2015.
The data was used to concoct returns that looked legitimate, “making it more difficult for the IRS to detect,” the report states.
An investigation was triggered on May 14, 2015, when the program’s online authentication system picked up a large number of undeliverable emails that were later traced to suspicious domains. The Get Transcript application was taken down a week later, on May 21.
According to the report, a total of 620,931 taxpayer accounts may have been affected, but more people could be at risk because tax accounts include the personal information of spouses and dependents.