Hackers accessed the servers at the Internal Revenue Service to steal data from as many 100,000 taxpayers, the agency disclosed today.
The thieves accessed the data through an online service provided by the IRS and took financial data related to users’ actual tax returns.
An online service called “Get Transcript” provided the front door through which the thieves entered, according to the Associated Press. Get Transcript provides a list of a taxpayers’ various interactions with the agency over time.
The thieves had to have some knowledge of the taxpayer in order to steal his or her data; a security gateway required the entry of a Social Security number, date of birth, tax filing status, and a street address.
By providing one of a few pieces of secure information at the front door, the hackers gained access to a large set of financial data that can be used in all manner of identity theft-related crimes. It’s not yet known what specific data points the hackers used to pass the security screen.
The IRS said in a statement that its main server system that processes tax returns was not breached.
“In all, about 200,000 attempts were made from questionable email domains, with more than 100,000 of those attempts successfully clearing authentication hurdles,” the IRS said. “During this filing season, taxpayers successfully and safely downloaded a total of approximately 23 million transcripts.”
This is the latest in a string of large data thefts in the past year. Others include Anthem Health, Home Depot, and Community Health Systems. But the IRS is the first major hack of a data center run by the federal government. It’s also troubling because of the richness of the set of private financial data contained in the servers.