Not only did the IRS lose a flash drive with 12,000 school workers’ Social Security numbers on it in Texas (view related post), it admitted on August 17th that its initial estimate that 110,000 taxpayers’ personal information was used to file false tax returns this year is… well…actually 334,000 data breaches and upwards of 390,000 US households. The fraudulent tax returns were filed after intruders were able to use the “Get Transcript” online app to access taxpayers’ sensitive data by guessing at security questions. The questions included information that could be found on publicly available websites, such as a previous address.
A Treasury Department Inspector General’s Report from September of 2014 showed weaknesses in the IRS’s enterprise information security program, the protection of tax information and implementation of an enterprise risk management program.
The IRS stated that it will mail letters to 220,000 individuals and 170,000 households notifying them of the breach and credit monitoring services.