Identity thieves attack IRS E-File system

The Internal Revenue Service has stopped an attack on its E-File system that was looking to use stolen social security numbers to generate sham login information.

The IRS stopped a cyberattack on its E-File online tax portal that aimed to use stolen Social Security numbers to generate fake accounts that could be used to submit fraudulent returns.

The tax agency said identity thieves used an automated software bot sometime last month in an attempt to generate E-File PINs for stolen Social Security numbers. An E-File PIN is sometimes used to electronically file a tax return.

IRS cybersecurity experts are currently assessing the situation, but they have already identified unauthorized attempts involving approximately 464,000 unique Social Security numbers, of which 101,000 were used to successfully access E-File PINs.

No personal taxpayer data was compromised or disclosed by IRS systems, the agency said.


The IRS is notifying affected taxpayers by mail as well as marking their accounts to protect against tax-related identity theft.

The incident is not related to last week’s hardware failure, which knocked various tax tools offline for 24 hours.

The announcement comes as top IRS officials are making round rounds before Congress. 

IRS commissioner John Koskinen testified before the Senate Finance Committee on Wednesday, while IRS Chief Technology Officer Terry Millholland, Deputy Commissioner for Operations Jeff Tribiano and Director of Privacy Ed Killen will testify Thursday before the House Committee on Oversight and Government Reform.  

[Read more: IRS — Tax info compromised via third-party service]


Last year, data taken from third-party sources was used to access 320,000 taxpayer accounts through the IRS’ “Get Transcript” application.

In President Barack Obama’s proposed 2017 budget, the IRS would get $62 million for cybersecurity, $14 million more than what was requested across the rest of the Treasury Department.

Contact the reporter on this story via email at, or follow him on Twitter at @gregotto. His OTR and PGP info can be found hereSubscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here:

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts