The Internal Revenue Service has re-enabled a service on its Web site that allows taxpayers to get a copy of their previous year’s tax transcript. The renewed effort to beef up taxpayer authentication methods at irs.gov comes more than a year after the agency disabled the transcript service because tax refund fraudsters were using it to steal sensitive data on consumers.
The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015 — two months after KrebsOnSecurity first raised alarms about the weakness.
In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS’s own Web site to pull taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year.
An Ohio teen who recruited a convicted serial swatter to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison.
MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians.
Citing ongoing security concerns, the Internal Revenue Service (IRS) has suspended a service offered via its Web site that allowed taxpayers to retrieve so-called IP Protection PINs (IP PINs), codes that the IRS has assigned to some 2.7 million taxpayers to help prevent those individuals from becoming victims of tax refund fraud two years in a row. The move comes just days after KrebsOnSecurity first exposed how ID thieves were abusing the service to revisit tax refund on innocent taxpayers two years running.
The U.S. Internal Revenue Service (IRS) today sharply revised previous estimates on the number of citizens that were hit by tax refund fraud since 2014 thanks to a security weakness in the IRS’s own Web site. According to the IRS, at least 724,000 citizens were victims of refund fraud after crooks figured out how to abuse a (now defunct) IRS Web site feature called “Get Transcript” to steal victim’s prior tax da
Today, Jan. 29, is officially the first day of the 2018 tax-filing season, also known as the day that fraudsters start requesting phony tax refunds in the names of identity theft victims. Want to minimize the chances of getting hit by tax refund fraud this year? File your taxes before the bad guys can!
Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.
Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees.
In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.
Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.
Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of the tool has created unexpected hurdles for many families hoping to qualify for financial aid, but the action also eliminated a key source of data that fraudsters could use to conduct tax refund fraud.
Last week, the IRS and the Department of Education said in a joint statement that they were temporarily shutting down the IRS’s Data Retrieval Tool. The service was designed to make it easier to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.
