Yesterday, the Treasury Inspector General for Tax Administration (TIGTA) issued a report regarding its investigation into the IRS’ electronic authentication controls. The investigation was prompted by identity thieves using the IRS’ Get Transcript program to obtain the former income tax returns filed by an estimated 724,000 taxpayers and use the information contained in those income tax returns to file phony income tax returns using the names of the victimized taxpayers and obtain fraudulent refunds. The IRS did not become aware of the vulnerability of the Get Transcript program until May of 2015 and shut down the program until it was reintroduced with what the IRS said was increased security in June of 2016. The idea behind the IRS’ Get Transcript program was a good one, namely permitting taxpayers to get access to copies of their tax returns from previous years conveniently and electronically. An essential element of such a program is a strong authentication process to keep identity thieves from accessing this sensitive material and unfortunately, the authentication protocol used by the IRS was quite inadequate and did not meet industry standards resulting in the data breaches affected 724,000 taxpayers. In one instance the TIGTA report indicated that the IRS missed an attempt by a hacker to attempt to gain access to a victim’s tax return 902 times in a single 24 hour period.
The TIGTA report made seven specific recommendations for increased IRS security in regard to the electronic authentication process to gain access to taxpayers’ records and the IRS has agreed with all seven, however, a number of the recommendations have still not been implemented by the IRS and the system is still not as secure as it should be.
The best way to avoid income tax identity theft is to file your income tax return as soon as possible because even an identity thief in possession of your Social Security number and other personal information that would enable him or her to file a phony income tax return in your name would not be able to get a payment from the IRS if you had already filed your return.