100K files of taxpayers compromised by malware attack against IRS

(Cyberwar.news) The federal government was once again the target of hackers as data on more than 100,000 taxpayers was compromised in a recent malware attack, FierceGovernmentIT reported.

The agency says it identified and then halted the attack on an online tax application that gave cyber thieves information on taxpayers via the IRS’ e-file system. Personal identification numbers on about 101,000 individuals were breached, the agency said.

“The malware attack on IRS.gov’s Electronic Filing PIN application used an automated bot in attempt to obtain e-file PINs that would allow the perpetrators to electronically file tax returns,” FierceGovernmentIT reported. “Using Social Security numbers that were stolen outside of the IRS, identity thieves used 464,000 SSNs in unauthorized attempts to access an e-file PIN and were successful in obtaining a PIN in 101,000 of those attempts.”

In a statement, the IRS says it is continuing to monitor its systems and is on the lookout for any new breaches.

“No personal taxpayer data was compromised or disclosed by IRS systems,” the statement said. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application.”

In addition, the agency said, it is also protecting affected “accounts by marking them to protect against tax-related identity theft.”

“IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration. The IRS also is sharing information with its Security Summit state and industry partners,” said the statement, adding that the malware attack was not related to a recent outage of IRS tax processing systems.

In December, as year-end tax filing deadlines approached, the agency said there were a number of ongoing scams and phishing sites claiming to be the IRS.

“The IRS recently became aware of a fraudulent scheme targeting EFTPS users, the scheme uses an e-mail that claims your tax payment was rejected and directs you to a website for additional information,” the agency said on its site. “The website contains malware that will attempt to infect your computer.”

Last month Tripwire reported that an IRS scam involving “ransomeware” – malware aimed at forcing a computer user to pay to have it “released” – was making the rounds as well.

Cyberwar.news is part of the USA Features Media network of sites. For advertising opportunities, click here.