The IRS announced Tuesday that cybercrooks hacked their way into the accounts of roughly 104,000 taxpayers, gaining access to several years’ worth of returns and a treasure trove of personal info.
The Washington Post reported that the criminals used the information they stole to submit fraudulent tax returns. 15,000 of those fraudulent returns were processed, netting the hackers roughly $50 million.
Commissioner John Koskinen said that the perpetrators exploited an IRS service called "Get Transcript," which allows taxpayers to access their accounts by answering a number of security questions. Those questions are easily answerable by anyone with access to a target's Social Security number, date of birth, tax filing status, or street address.
Because of the style of the cyberattack, the IRS said that most if not all of the victims were people whose personal information was previously stolen elsewhere.
Furthermore, the IRS stated that the hackers had likely employed an army of people to manually answer the "Get Transcript" security questions.
"We’re confident that these are not amateurs but organized crime syndicates that not only we, but others in the financial industry are dealing with," said Koskinen.
In the years since the IRS has begun relying more and more on the Internet, cybercriminals have stolen billions of dollars via the filing of fraudulent returns. In 2013, the IRS estimated it paid out roughly $5.8 billion in fraudulent refunds to identity thieves.
"That the IRS — home to highly sensitive information on every single American and every single company doing business here at home — was vulnerable to this attack is simply unacceptable," said Sen. Orrin Hatch, R-Utah, chairman of the Senate Finance Committee,
The Associated Press reported via ABC News.
"What's more, this agency has been repeatedly warned by top government watchdogs that its data security systems are inadequate against the growing threat of international hackers and data thieves."
Koskinen said that the system used by the hackers has been taken offline for the time being, and that the IRS would offer free credit monitoring for those targeted.