Tax return information for about 100,000 U.S. taxpayers was illegally accessed by cyber criminals over the past four months, U.S. IRS Commissioner John Koskinen said on Tuesday, the latest in a series of data thefts that have alarmed American consumers.
From February to May, attackers sought to gain access to personal tax information 200,000 times through the agency's "Get Transcript" online application, which calls up information from previous returns, he told a news conference. About half of those attempts were successful.
The breach did not affect any IRS data outside the "Get Transcript" application, and the agency said it would strengthen its security measures.
Koskinen said he could not comment on who the attackers might be, and a criminal investigation was ongoing.
"We're confident these are not amateurs. These are actually organized crime syndicates that not only we but everyone in the financial industry are dealing with," Koskinen said.
The data theft was largely intended to steal taxpayers' information to submit fraudulent returns next year, he said.
The agency currently believes that fewer than 15,000 fraudulent returns were processed as a result of the breach, likely resulting in refunds of less than $50 million.
The IRS security problem is the latest in a string of breaches. JPMorgan Chase as well as mega-retailers Target and Home Depot have all suffered cyber attacks.
The IRS data theft differs in that it did not involve a computer hack. Criminals used information they had gathered about individuals to access the system as it was designed to be used, the IRS said.
The agency, which will begin to send notification letters to affected taxpayers this week, will provide free credit monitoring and protection for the victims.
Koskinen said the attackers must have had a significant amount of information already about the taxpayers.
In addition to names, addresses and Social Security numbers, the attackers would have needed so-called "out of wallet" data, personal information such as a person's first car or high school mascot, he said.
Koskinen said it was possible that identity thieves could get answers to these questions from individuals' social media accounts and compile them into searchable databases.
Koskinen said the tax agency was originally alerted to the problem by unusual activity in mid-April, which marks the end of the annual tax-filing season.
(Reporting by Brendan Pierson in New York; Editing by Sandra Maler, Richard Cowan, Mohammad Zargham and Cynthia Osterman)