Update 5/28: The AP reports that sources close to the IRS investigation say that the hackers who stole the information are located in Russia. However, the IRS Criminal Investigation Unit, the Treasury Inspector General for Tax Administration and the FBI are still investigating, so there's no official confirmation. In another shocking update, former Washington Post reporter, Brian Krebs, writes that his sources say "the IRS estimates that thieves used the data to steal up to $50 million in fraudulent refunds."
Original Story: For months hackers have been tapping into an Internal Revenue Service system trying to steal the tax records of hundreds of thousands of U.S. taxpayers. Today the IRS announced that hackers stole records from at least 100,000 taxpayer accounts.
This is scary! It’s not like a credit card breach where you can call your bank to cancel your card and get a new one. These hackers now have tons of personal information on taxpayers across the country. Just think of everything you list on your tax return: the social security numbers of you and your family, where you work, where you live, your investments, property you own and more.
All of this information is more than enough for an identity thief to tap into your good credit, open accounts in your name, wreck your finances and worse. But the way the thieves attacked the IRS systems is bad news even if your records were not stolen this time.
That's because the hackers already had enough personal information about many more victims to trick the IRS security measures into unlocking these very sensitive income tax records.
"In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems. The multi-layer process also requires an additional step, where applicants must correctly answer several personal identity verification questions that typically are only known by the taxpayer," the agency said in a statement.