The IRS detected roughly unauthorized attempts using 464,000 unique SSNs, and 101,000 attempts allowed crooks in generating PINs.
The U.S. Internal Revenue Service (IRS) recently confirmed that cyber criminals abused the Electronic Filing PIN application.
The Electronic Filing PIN application is running on irs.gov and allows taxpayers to generate a PIN that they can use to file tax returns online. The information necessary to obtain this PIN is the name, date of birth, mailing address and of course, the SSN.
Unfortunately, for identity thieves is quite easy to obtain SSNs online from the dumps resulting from the numerous data breaches occurred in the last months.
SSN numbers, for example, along with other PII are easy to acquire in the various black markets, data breaches of Anthem and CareFirst have made available on the market data related to million customers.
The criminals use this information with an automated bot that is able to generate PINs for the E-File service. In January, the Internal Revenue Service detected roughly unauthorized attempts using 464,000 unique SSNs, and the bad news is that 101,000 attempts allowed crooks in generating PINs.
The agency highlighted that its systems were not breached and no taxpayer data has been exposed.
“The IRS recently identified and halted an automated attack upon its Electronic Filing PIN application on IRS.gov. Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. An E-file pin is used in some instances to electronically file a tax return.” the IRS said in a statement. “No personal taxpayer data was compromised or disclosed by IRS systems.”
“IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners,”
The tax agency already notified the users that have been impacted, it sent an email to inform that their accounts have been secured against tax-related identity theft.
A similar incident occurred in May 2015 when the Internal Revenue Service’s Get Transcript system was accessed by unauthorized parties using stolen information.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.