Identity thieves breach IRS with stolen Social Security numbers

Identity thieves breach IRS with stolen Social Security numbers

Identity thieves used an automated bot in an attempt to generate phony login information to breach the Internal Revenue Service (IRS), the agency said Tuesday.

Using Social Security numbers stolen from elsewhere, the thieves used malware to try to create e-file PINs, used by some taxpayers to file their returns.

No personal taxpayer information was exposed during the attempt, according to the agency, and the hack has been halted.

An internal investigation identified unauthorized attempts involving around 464,000 Social Security numbers, 101,000 of which were used to successfully access an e-file PIN in December.

The announcement comes as IRS Commissioner John Koskinen is set to testify Wednesday morning before the Senate Finance Committee in a hearing on the president’s budget, which boosts the agency’s funding by 4.7 percent.

In August, the agency revealed that hackers had been able to swipe sensitive information about more than 300,000 taxpayers, causing outrage among lawmakers.

Senate Finance Committee Chairman Orrin HatchOrrin HatchGOP talks of narrowing ‘blue-slip’ rule for judges Senator's photo spurs caption contest White House tells Congress it will renegotiate NAFTA MORE (R-Utah) was critical of the agency at the time of the breach, calling it “simply unacceptable.”

“This agency has been repeatedly warned by top government watchdogs that its data security systems are inadequate against the growing threat of international hackers and data thieves,” he said in May, when the breach was first uncovered. 

The IRS has often pointed to budget constraints as a chief reason it struggles to keep up with identity thieves.

Earlier this month, a number of the IRS’s tax processing systems went down because of what the agency described as technical problems, sparking lawmaker suspicions.

Although the agency continues to insist the outage was a glitch, House Oversight Committee Chairman Jason ChaffetzJason ChaffetzMueller reviewed the Comey memos: report Overnight Cybersecurity: Flynn refuses to comply with Senate subpoena | Chaffetz postpones hearing with Comey | Small biz cyber bill would cost M | New worm spotted after 'Wanna Cry' Chaffetz postpones Oversight hearing with Comey MORE (R-Utah) has used the incident to renew his calls for Koskinen to be fired.

“I have zero confidence, zero, in IRS Commissioner John Koskinen,” he said.

The agency said Tuesday that this latest incident “is not connected or related to last week’s outage of IRS tax processing systems.”