IRS Cyber Attacks Lead to Elimination of the eFile PIN Feature

Aug 11, 2016 | Blog

cyber security shieldAfter a major data breach earlier this year and subsequent repeated cyber attacks, the U.S. Internal Revenue Service recently announced that the electronic filing PIN tool on their website will no longer be available.

In February of this year, hackers used an automated bot attack program to successfully gain access to more than 100,000 e-File PINs used by taxpayers to verify their signature on Form 1040 before they were blocked by the IRS. These cyber criminals had previously illegally obtained taxpayers’ personal information, including names, addresses, dates of birth and Social Security numbers to be able to retrieve the e-File PINs.

According to a June statement released by the IRS, the personal taxpayer data used during the attack was not stolen from them, but from another external source. The statement also assured that the taxpayers that may be affected by these cyberattacks will be notified by mail, and the IRS is monitoring their accounts to prevent any further tax-related identity theft issues.

Although the IRS maintains that externally acquired personal taxpayer information was used in the recent hacks, the agency also suffered a major security breach last year that allowed attackers to gain sensitive personal information for over 300,000 taxpayers. Similarly, that attack also involved an IRS tool called the “Get Transcript” application, and the agency claimed at the time that attackers were able to bypass the app’s verification steps using information obtained from some other external source.

Regardless of how taxpayer information was stolen in February, at the time the IRS retained the e-File PIN tool because of the sheer volume of embedded links found in almost all commercial tax software programs that taxpayers used when filing their returns. Instead of shutting the program down immediately, the IRS opted to provide further security defenses inside the IRS processing system, including extra screening for any current or late tax returns filed with an e-File PIN.

In recent weeks, the IRS found that although automated cyberattacks were continuing to take place at an increasing frequency, they were only affecting a small number of e-File PINs. Due to the additional cyber protection measures put in place after the original data breach earlier this year, the IRS was able to identify this issue quickly. However, as an experienced tax attorney in San Mateo County, I was relieved to hear that the IRS decided to remove the e-File PIN program as a safety precaution to avoid any further major data breaches.

The IRS stated that the change in policy will only affect a smaller number of taxpayers who have not filed their tax returns this year and need a replacement e-File PIN to do so. In reference to the embedded links in commercial tax software programs, the IRS plans to continue to work with the tax software community to make these adjustments as seamless as possible for those taxpayers that may be affected.

If you are looking for an experienced tax attorney in San Mateo County or the surrounding area to help you with resolving your tax problems with the IRS, contact Tax Helpers today for a free consultation.