Associated Press reports:
Thieves used an online service provided by the IRS to gain access to information from more than 100,000 taxpayers, the agency said Tuesday.
The information included tax returns and other tax information on file with the IRS.
The IRS said the thieves accessed a system called “Get Transcript.” In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address.
If “cleared” is confusing to you, Michael Cohn provides a better description in his article on Accounting Today:
The IRS said Tuesday that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on the tax accounts through the Get Transcript application. The data included Social Security information, birth dates and street addresses.
The AP story continues:
“The IRS notes this issue does not involve its main computer system that handles tax filing submission; that system remains secure,” the agency said in a statement.
Read more on Oregon Live.
So from what non-IRS sources did they get all the identity information that they used to access over 100,000 transcripts?
There’s a lot more we need to find out about this.