Security Experts:

Many Equifax Hack Victims Had Info Stolen Prior to Breach: IRS

The U.S. Internal Revenue Service (IRS) believes the recent Equifax breach will not make a significant difference in terms of tax fraud considering that many victims already had their personal information stolen prior to the incident.

IRS Commissioner John Koskinen told the press on Tuesday that 100 million Americans have had their personally identifiable information (PII) stolen by hackers, according to The Hill. He also advised consumers to assume that their data has already been compromised and act accordingly.

The Equifax breach, which affected more than 145 million individuals, allowed cybercriminals to access social security numbers, dates of birth and other information. Despite this being one of the largest data breaches in history, Koskinen said it likely “won’t make any significantly or noticeable difference.”

In prepared remarks, Koskinen said the IRS stopped 883,000 attempts to file tax returns using stolen information in 2016, which represents a 37% drop compared to the previous year. Another 30% decrease in fraud attempts was observed this year, when 443,000 instances were discovered throughout August.

Koskinen also pointed out that the number of identity theft victims, based on reports received by the IRS, dropped by 46% in 2016 to 376,000. Another significant decrease in the number of identity theft reports was recorded this year.

“We know cybercriminals are planning for the 2018 tax season just as we are. They are stockpiling the names and SSNs they have collected. They try to leverage that data to gather even more personal information. This coming filing season, more than ever, we all need to work more diligently and work together to combat this common enemy,” the commissioner said.

The IRS has been working on strengthening the security of its systems. In the past year, the agency was forced to suspend several of its online services due to security concerns, including the Identity Protection PIN tool, the Get Transcript service, and the Data Retrieval Tool for Federal Student Aid applications. The Get Transcript service was abused by fraudsters to access the online accounts of more than 700,000 taxpayers.

Related: Seagate Employee Tax Forms Stolen in Phishing Attack

Related: Fraudsters Who Abused IRS "Get Transcript" Service Plead Guilty

Related: UK Audit Office Says More Effort Needed to Combat Online Fraud

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.