Just a day after the IRS reopened its Get Transcript Online website, the Treasury Inspector General for Tax Administration (TIGTA) released a new study about the massive Get Transcript Online data breach that went from the beginning of 2014 to May 21, 2015 indicating it was far worse than the IRS had reported. The Get Transcript Online program allowed taxpayers to get copies of their former income tax returns online. TIGTA found that the IRS failed to identify 620,931 taxpayers whose information was potentially targeted by hackers. TIGTA also found that 355,262 taxpayers actually were successfully hacked through the Get Transcript Online program although the IRS had initially acknowledged that “only” 220,000 taxpayers’ information was stolen. The flaw in the program as operated in 2014 and 2015 was that too often the answers to personal questions required for verification purposes to gain access through the program to a taxpayer’s tax records were able to be obtained by identity thieves through data banks readily available to determined hackers.
The IRS says that the program as now being operated has tougher requirements to enable access to a taxpayer’s account and records including a requirement of answering more personal questions including questions about credit card usage or loans taken out by the taxpayer. In addition, the taxpayer requesting a copy of his or her records must have a valid email address and a smartphone enabled for text messages tied to the taxpayer’s name. Whether these steps are indeed sufficient to stop hackers remains to be seen.