Skip to main content

Identity thieves used thousands of stolen SSNs to generate IRS e-filing pins

Attackers using malware and stolen personal information managed to generate 101,000 e-filing PIN numbers, according to the IRS. Affected taxpayers will be notified by mail, and their accounts will be monitored.

The attack, which happened last month, was carried out by attackers who already had access to the Social Security Numbers (SSNs) of 464,000 people, according to the IRS. An automated system, detected by the IRS, managed to generate 101,000 e-filing PIN numbers before the scheme was shut down.

Recommended Videos

The attack was revealed to the public yesterday via a statement from the IRS, which briefly outlined what happened.

“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers,” said the statement. “An E-file pin is used in some instances to electronically file a tax return.”

The IRS was quick to state that “no personal taxpayer data was compromised or disclosed by IRS systems,” and that the attackers had access to the SSNs prior to the attack. In essence, having access to the SSNs is what made the attack effective.

There’s a massive amount of leaked personal information available in online black markets, including databases of leaked SSNs. Would-be fraudsters are always looking for new ways to monetize this purloined data. And this is an example of turning raw materials — a database of social security numbers — into something potentially more lucrative — a database of working e-file pins. Stealing even a small fraction of that many people’s tax rebates would certainly be profitable, and seemingly valid e-file pins could go a long way toward making that possible.

The incident, which happened last month, was not related to last week’s brief IRS outage.

“IRS cybersecurity experts are currently assessing the situation, and the IRS is working closely with other agencies and the Treasury Inspector General for Tax Administration,” said the statement. “The IRS also is sharing information with its Security Summit state and industry partners.”

Online security is hard, but it is essential when it comes to tax data. Remember: keep personal information like your social security number to yourself, and never share it over email, IM, or social networks.

Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
It might be a while longer before you can easily cancel subscriptions
The FTC logo on a building.

The Federal Trade Commission had voted in a rule that would make it easier to cancel subscription services, but the start of that rule has been pushed back until July 14. Initially, the regulation — called the Negative Option Rule — went into effect on January 19, but certain provisions weren't set to kick in until May 14. These provisions would require companies to make it as easy to cancel a subscription as it is to sign up.

Numerous telecom companies spoke out against the ruling. The National Cable and Telecommunications Association filed a lawsuit to appeal the decision, claiming that the FTC had overstepped the limits of its authority. The decision to delay these provisions by 60 days is due to the "complexities" of changing the processes, and the FTC says it has "acknowledged that compliance entailed some level of difficulty" and "determined that the original deferral period insufficiently accounted for the complexity of compliance."

Read more
Apple could soon fix Wi-Fi access woes across all your devices
Setting up Wi-Fi on an iPhone.

One of the biggest hassles while traveling is the hunt for a decent internet connection, and then getting it to work across all your devices. The conundrum is now mainstream across hotels, lodges, and coffee shops — essentially all the establishments a person is supposed to spend a few hours of their day, but needs to fill a web form first before they can get internet access.

Apple will soon put an end to those Wi-Fi registration struggles. According to Bloomberg, the company is working on “a system that can synchronize captive Wi-Fi access details across the iPhone, iPad and Mac.”

Read more
I found an app that overhauled my Mac’s audio, and I wish I found it sooner
People with headphones listening to Spotify on a MacBook.

Apple’s macOS is a brilliant operating system, but there’s one thing it handles pretty poorly: audio. It’s such a fundamental part of any computing experience, yet it’s left me feeling disappointed, despite going through a ton of macOS updates over the years.

Sure, macOS has some audio controls, but they’re fairly basic. There are sliders for volume and left/right balance, options for which speakers to play sound effects out of … and not a huge amount more.

Read more