The IRS stopped a cyberattack on its E-File online tax portal that aimed to use stolen Social Security numbers to generate fake accounts that could be used to submit fraudulent returns.
The tax agency said identity thieves used an automated software bot sometime last month in an attempt to generate E-File PINs for stolen Social Security numbers. An E-File PIN is sometimes used to electronically file a tax return.
IRS cybersecurity experts are currently assessing the situation, but they have already identified unauthorized attempts involving approximately 464,000 unique Social Security numbers, of which 101,000 were used to successfully access E-File PINs.
No personal taxpayer data was compromised or disclosed by IRS systems, the agency said.
The IRS is notifying affected taxpayers by mail as well as marking their accounts to protect against tax-related identity theft.
The incident is not related to last week’s hardware failure, which knocked various tax tools offline for 24 hours.
The announcement comes as top IRS officials are making round rounds before Congress.
IRS commissioner John Koskinen testified before the Senate Finance Committee on Wednesday, while IRS Chief Technology Officer Terry Millholland, Deputy Commissioner for Operations Jeff Tribiano and Director of Privacy Ed Killen will testify Thursday before the House Committee on Oversight and Government Reform.
[Read more: IRS — Tax info compromised via third-party service]
Last year, data taken from third-party sources was used to access 320,000 taxpayer accounts through the IRS’ “Get Transcript” application.
In President Barack Obama’s proposed 2017 budget, the IRS would get $62 million for cybersecurity, $14 million more than what was requested across the rest of the Treasury Department.
Contact the reporter on this story via email at firstname.lastname@example.org, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.