A major attack this year by cyber security criminals on the computer network at the U.S. Internal Revenue Service originated in Russia, sources confirmed to Fox News late Wednesday.
The Associated Press has also cited two anonymous sources who reported the IRS believes the hackers are part of a sophisticated criminal operation in Russia. Neither report connected the attack to the Russian government.
But both pointed out that this is not the first time that the IRS has been successfully breached by cyber thieves. Taxpayers whose accounts were accessed will be notified and provided with credit monitoring services, the IRS said.
The IRS inspector-general reported in 2012 hackers managed to manipulate the IRS system into sending 655 tax refunds to a single address in Lithuania. Another 343 tax refunds were sent to another address, this one in Shanghai. Following these attacks, system administrators tweaked the network safeguards to block other hackers.
This year’s attack began sometime in February, according to the report, and continued until mid-May. So far, the thieves have stolen at least $50 million in fraudulent tax refunds. That figure does not include the cost of tracking the breach, nor the expense involved in fixing it and preventing future attempts.
They used a software called “Get Transcript” to access the data. But in order to get into the records, the thieves first had to clear a security screen that required the use of taxpayer information such as a Social Security number, birth date, street address and tax filing number.
According to IRS Commissioner John Koskinen, the hackers used stolen Social Security numbers and other information to gain their access to taxpayers’ accounts. Then they used information from prior tax returns to file current fake returns seeking refunds.
“We’re confident these are not amateurs,” Koskinen told Fox News. “These actually are organized crime syndicates that not only we, but everybody in the financial industry are dealing with.” The IRS estimates that it paid out some %5.8 billion in 2013 to identity thieves, both foreign and domestic.
At least 104,000 taxpayer records dating back up to five years and perhaps more were stolen in the cyber heist, officials said.
The IRS notified the Department of Homeland Security following the breach, a federal law enforcement source said. The Senate Finance Committee has scheduled a June 2 hearing to question Koskinen and Treasury Inspector-General for Tax Administration J. Russell George on the issue.
“When the federal government fails to protect private and confidential taxpayer information, Congress must act,” Senate Finance Committee Chairman Orrin Hatch (R-UT) said Wednesday in setting the hearing.