The IRS has revealed that it successfully denied hackers who attempted to steal taxpayers’ electronic filing PINs. In the lead-up to tax season, the attack is the latest attempt to steal taxpayer data. While the IRS has previously been breached, the service has successfully kept hackers at bay this time around. In a new statement, the IRS has revealed that it had “Identified and halted an automated attack” on the e-filing PIN application hosted on the agency’s website. The hackers used personal data acquired elsewhere, the IRS said, along with malware in order to generate PINs for the social security numbers belonging to tax payers. While the attempt was unsuccessful, affected taxpayers have been notified that an unknown hacker or hacking group attempted to use their data. The IRS has also urged taxpayers to secure their online accounts elsewhere, as well as continuously monitoring their credit reports. The IRS insisted that the attack was unsuccessful after it stopped the attack. The service also claimed that none of its systems provided personal details of taxpayers to any hackers. The press release by the IRS read:
The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov. No personal taxpayer data was compromised or disclosed by IRS systems.
Those affected are being notified by the IRS through mail. Also, the IRS is marking their affected accounts to ensure that they’ll be protected from the possibility of identity theft involving taxes. Furthermore, the IRS identified unauthorized attempts involving approximately 464,000 unique social security numbers. Among the attempts, 101,000 social security numbers were used to access an E-file PIN, successfully. The statement added:
IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners.
The IRS previously suffered an attack that affected 100,000 taxpayers, according to early reports and estimates. However, a few months later in August, the IRS revealed that some 600,000 taxpayers with half or more of their details accessed. Image credit: Wikimedia.