AP sources: IRS believes identity thieves from Russia
WASHINGTON – IRS investigators believe the identity thieves who stole the personal tax information of more than 100,000 taxpayers from an IRS website are part of a sophisticated criminal operation based in Russia, two officials told the Associated Press.
The information was stolen as part of an elaborate scheme to claim fraudulent tax refunds, IRS Commissioner John Koskinen told reporters. Koskinen declined to say where the crime originated.
But two officials briefed on the matter said Wednesday the IRS believes the criminals were in Russia, based on computer data about who accessed the information. The officials spoke on condition of anonymity.
An IRS spokeswoman said Wednesday the agency couldn’t comment on the investigation.
The revelation highlights the global reach of many cyber criminals. And it’s not the first time the IRS has been targeted by identity thieves based overseas.
In 2012, the IRS sent a total of 655 tax refunds to a single address in Lithuania, and 343 refunds went to a lone address in Shanghai, according to a report by the agency’s inspector general. The IRS has since added safeguards to prevent similar schemes.
The information was taken from an IRS website called “Get Transcript,” where taxpayers can get tax returns and other tax filings from previous years. In order to access the information, the thieves cleared a security screen that required detailed knowledge about each taxpayer, including their Social Security number, date of birth, tax filing status and street address.
The IRS believes the criminals originally obtained this information from other sources. They were accessing the IRS website to get even more information about the taxpayers, which would help them claim fraudulent tax refunds in the future, Koskinen said.
The thieves have already used some of the information to claim as much as $50 million in fraudulent tax refunds, Koskinen said.
“We’re confident that these are not amateurs,” Koskinen said. “These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with.”
The IRS believes the thieves started targeting the website in February. Technicians discovered the breach about two weeks ago, when they noticed an increase in the number of taxpayers seeking transcripts. The website was shut down last week.
The IRS said it is notifying taxpayers whose information was accessed, and is providing them with credit monitoring services.