Professional services with a personal touch.

« January 2016 | Main | March 2016 »

2 posts from February 2016


Another Cyberattack on Taxpayer Information

There was another cyberattack on the IRS attempting to generate and steal E-file PINs. The agency reports it discovered and stopped an automated attack that was using stolen Social Security numbers to attempt to generate the PINS. This is the second time in less than three weeks that the IRS has admitted its updated E-file system has been plagued by an incident.

E-file PINs are used by taxpayers to electronically file tax returns. A PIN is also assigned to taxpayers who use the online Electronic Federal Tax Payment System (EFTPS). E-filing is used by both individual and business taxpayers. A PIN is typically made up of four numbers and must be used with the correct Social Security number to log in to web-based systems to file returns, make payments, adjust taxpayer information and more.

1 cyber securityAn IRS statement says the most recent incident occurred on February 8th using malware. It says a review by cybersecurity experts estimates the unauthorized attempts to receive PINs involved 464,000 stolen Social Security numbers, of which 101,000 SSNs were successful at accessing an E-file PIN. A common tax-related scam uses the stolen information to file false tax returns claiming fraudulent refunds.

The agency claims “no personal taxpayer data was compromised or disclosed” in this most recent attack and any affected taxpayers are being notified by mail of the incident. However, there is still no confirmed understanding of how the Social Security numbers were stolen in the first place. The first reported incident involving the E-File system occurred on February 3rd when what was described as a “temporary processing system failure” left the agency unable to process electronically filed tax returns for more than 24 hours.

Meanwhile, the IRS has been working with state officials and cybersecurity experts to keep pace with new and increasingly sophisticated tactics to steal taxpayer information. Part of the defense strategy involves the collection of more than 20 data components between the IRS, the taxpayer and tax preparation professionals to ensure a legitimate tax return is being filed and/or a legitimate taxpayer is making a request.

In remarks at a security summit last year, IRS Commissioner John Koskinen said, “Our ability to address the risks posed by cybercrime will require new investments in authentication, monitoring and other cybersecurity technologies.” Koskinen said the cost would be an estimated $281 million. The newly approved 2016 federal budget maintains the IRS budget at fiscal 2015 levels, but there is an opportunity for the additional funding. The agency is being asked to provide more details of how it plans to spend the money and it must ensure the funds are specifically used for the indicated security improvements.

Reporting on the most recent incident, the Journal of Accountancy points out that last summer the IRS Get Transcript system was breached resulting in the theft of the tax data of 334,000 taxpayers. At that time, the IRS offered free credit monitoring services to affected taxpayers and offered them a choice to enroll in the identity theft filing program. Ironically, that program uses PINs along with Social Security numbers for security protection, which brings the cyberattack problem full circle to the most recent attack to generate and steal PINs.

So, as the IRS and cybersecurity experts struggle to keep up with cybercrime and tax-related identity theft, what is a taxpayer to do? There are online resources for more information. Click here for links found in previous The ReSource articles on tax-related identity theft. Also, you may need to develop new habits of checking your credit report annually, your bank and credit card weekly and reviewing your Social Security records for anything suspicious.

If you have any questions or feel you may have been a victim of a tax-related crime, contact us at McRuer CPAs and we’ll help you sort through the details.


IRS Computer Failures Occur

The IRS reports it suffered a temporary computer failure that involved several of its processing systems just two weeks into the federal individual income tax-filing season. The system failure left the agency temporarily unable to process electronically filed tax returns Wednesday, February 3rd, and most of the day Thursday, February 4th.  The IRS began accepting 2015 tax returns for processing January 19th.

Computer hardwareThe agency explained in an online statement it had experienced a "hardware failure" that was "affecting a number of tax processing systems".  Tools that both taxpayers and tax preparers use were not working including the "Where's My Refund" online search tool and the updated e-file system that was just put into practice for 2015 tax returns.  By Thursday morning, the "Where's My Refund" tool and other services were operating again.  However, preparers reported the e-file service was not yet running consistently.

When the incident occurred an agency spokesman said, "Taxpayers can still prepare their returns, and tax preparers will have to hold them until the IRS is able to take them again."  A new statement said it had resumed processing returns by 5pm Thursday and the system outage issues had been resolved.  

The agency continues to say that it expects to meet its goal of processing 90% of refunds within 21 days.  For more information, click here to read the IRS news release.

RSS Feed

Welcome from Scott McRuer
& the McRuer CPAs Team

Scott McRuer
Learn more about Scott

Follow Scott and his team on your favorite social media

Facebook LinkedIn YouTube