As USA Today reports, the tax info came from the IRS service “Get Transcript,” which allows users to get information on their wages and income for a specific year, line-by-line tax returns and account transactions.
Hackers obtained information like birth dates, street addresses and social security numbers elsewhere (probably from fraudulent “info markets”), then used that information to access the Get Transcript service. The hacking started in February and continued to mid-May, but the IRS only began to notice unusual activity last week. In total, hackers made 200,000 attempts. According to the IRS, taxpayers have safely downloaded about 23 million transcripts in the most recent filing season.
Ars Technica reports the authentication used for Get Transcript, called knowledge-based authentication, is easily cracked because the data never changes and can easily be found and sold.
The IRS is now getting in touch with everyone whose account info was compromised and providing credit monitoring for each account. The Get Transcript service has been temporarily shut down.
In a press conference, the agency said the hackers were likely part of an organized crime syndicate and not mere amateurs.
The hacking is the latest blow to the generally beleaguered agency, with budget cuts meaning the IRS was ignoring about 60 percent of calls during the latest tax season.
The agency’s woes (and importance to the U.S.) are perhaps best explained by John Oliver, whose segment from Last Week Tonight on the agency can be seen below.