The IRS said that the criminals used Social Security numbers, birth dates, street addresses and other personal information to complete a multistep authentication process and request the tax returns. They then used the information collected from those forms to file fraudulent returns, and nearly $50 million was disbursed by the agency in refunds before it detected the scheme.
"We're confident that these are not amateurs," John Koskinen, the I.R.S. commissioner, said. "These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with."
A probe has been launched by the IRS into the breach and the agency has also temporarily shut down the Get Transcript application, which was used to gain access to the information. Old tax returns are sometimes needed to apply for college loans or mortgages, and taxpayers are allowed to request the records by mail.
More than 200,000 attempts to view the past returns using stolen information were made from February to mid-May, and according to the IRS, about 50% were successful. It is unclear whether the criminals were operating inside or outside the United States.
"Eighty percent of the identity theft we're dealing with and refund fraud is related to organized crime here and around the world," Koskinen said at a news conference on Tuesday. "These are extremely sophisticated criminals with access to a tremendous amount of data."
According to the I.R.S., the criminals exploited data, like email addresses and passwords gleaned from other breaches, to answer basic authentication questions about subjects like birth dates or the names of family members. "This is a wake-up call that breaches have a compounding effect and the stakes are getting higher," said Eric Chiu, a security expert who is the president of HyTrust, a cloud computing security company.
"Attackers are on the hunt for our personal and financial information using data stolen from other breaches to gain a larger amount of information on those same individuals."