Security Experts:

Connect with us

Hi, what are you looking for?


Fraud & Identity Theft

IRS “Get Transcript” Incident Hit Over 700,000 Taxpayers

The Internal Revenue Service (IRS) reported on Friday that the total number of taxpayers affected by the incident involving the agency’s Get Transcript application is much higher than previously reported.

The Internal Revenue Service (IRS) reported on Friday that the total number of taxpayers affected by the incident involving the agency’s Get Transcript application is much higher than previously reported.

The Get Transcript system was launched in January 2014 on to allow users to view and download their tax transcripts, or have them mailed to their address. Users can no longer view and download their transcripts since May 2015, after the IRS discovered that the service had been abused by fraudsters.

The IRS revealed in May 2015 that cybercrooks had used information obtained from other sources to access the Get Transcript accounts of roughly 114,000 taxpayers. In August, the agency reported discovering that there had been an additional 220,000 victims.

In a statement published on Friday, the IRS said it discovered that the accounts of an additional 390,000 people might have been accessed between the launch of the service and until it was shut down. This brings the total number of affected accounts to 724,000.

The agency also revealed that it detected a total of 570,000 failed attempts to abuse the Get Transcript service. The new details come as a result of a nine-month investigation conducted by the Treasury Inspector General for Tax Administration.

As security blogger Brian Krebs pointed out, fraudster could gain access to Get Transcript accounts by knowing the targeted individual’s name, date of birth, social security number and filing status, along with answers to some knowledge-based authentication (KBA) questions from credit bureau Equifax, such as previous address and loan amounts.

The name, date of birth and SSN of victims could have been obtained by the cybercrooks from various sources — this type of information is often exposed in data breaches. Furthermore, the answers to KBA questions can either be guessed or obtained from various free online services.

Get Transcript was not the only IRS service abused by fraudsters using information stolen from other sources. Earlier this month, the agency informed taxpayers that identity thieves had targeted the Electronic Filing PIN application in an effort to generate PINs for stolen SSNs. The IRS said it detected unauthorized attempts using roughly 464,000 unique SSNs, 101,000 of which were successful in generating PINs that can be used to file tax returns online.

The U.S. Federal Trade Commission (FTC) reported in January that the number of identity theft complaints received by the agency in 2015 was more than 490,000, a considerable increase compared to the 332,000 complaints in the previous year.

Related: DoJ Investigating Leak of FBI, DHS Employee Details

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...


Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.


Spanish and US authorities have dismantled a cybercrime ring that defrauded victims of more than $5.3 million.


Australian authorities sentence Sydney man for using leaked data stolen from wireless carrier Optus to conduct SMS scams.

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...