A security breach has allowed criminals to access the tax returns of more than 100,000 people in the United States.
It appears that the criminals used stolen personal data taken from other websites that had been hacked, to pretend to be legitimate users.
The Internal Revenue Service was warned of the potential for unauthorised access to the accounts in March.
The online IRS' Get Transcript app involved in the breach has been shut down and an investigation is underway.
Organised Crime
The scam's perpetrators managed to set up fake tax returns and file for tax refunds. The IRS told the New York Times that it had paid nearly $50m (£32.5m) in refunds before it had detected the scheme.
The IRS says more than 200,000 attempts to view past tax returns using stolen information were made from February to mid-May with around half of those being successful.
"We're confident that these are not amateurs," said John Koskinen, the IRS commissioner.
"These actually are organized crime syndicates that everybody in the financial industry is dealing with."
Security experts are concerned that the IRS' system appeared not to use multi-factor identification, for example sending a one-off code to a users' mobile phone for them to tap into the website, so as to verify that the person giving the information has access to the phone number on record.
Previous warning
The cybersecurity blog Krebs on Security warned in March that the IRS' system could be breached when it reported on the case of Michael Kasper, who had tried to file his tax return only to be told that he had already done so.
In that case criminals had set up an account in Mr Kasper's name using his social security number, but with a different email address. They filed a false tax return in order to claim a tax refund and had conned the IRS into paying that "refund" into a bank account that Mr Kasper did not recognise.
"The IRS' process for verifying people ... is vulnerable to exploitation by fraudsters because it relies on static identifiers and so-called "knowledge-based authentication" — ie challenge questions that can be easily defeated with information widely available for sale in the cybercrime underground and/or with a small amount of searching online," said the security website, commenting on Mr Kasper's case.
The IRS has sent letters to the taxpayers whose accounts had been compromised, and said it would offer them free credit monitoring.
The authority said its main computer system, which handles tax filings, had not been breached.
Latest Stories
-
EBID wins the Africa Sustainability Award
1 hour -
Expansion Drive: Takoradi Technical University increases faculties
6 hours -
SHS heads demand payment of outstanding funds before reopening of schools
6 hours -
We thank God for the 2024 general elections – Akufo-Addo
7 hours -
Coconut Grove Beach Resort marks 30 years of excellence with memorable 9 lessons & carols service
7 hours -
WAFU B U-17 Girls’ Cup: Black Maidens beat Nigeria on penalties to win inaugral tournament
7 hours -
Real Madrid beat Sevilla to keep pressure on leaders Atletico
9 hours -
Liverpool put six past Spurs to go four points clear
9 hours -
Manchester United lose 3-0 at home to Bournemouth yet again
9 hours -
CHAN 2024Q: ‘It’s still an open game’ – Didi on Ghana’s draw with Nigeria
9 hours -
CHAN 2024Q: Ghana’s Black Galaxies held by Nigeria in first-leg tie
10 hours -
Dr Nduom hopeful defunct GN bank will be restored under Mahama administration
10 hours -
Bridget Bonnie celebrates NDC Victory, champions hope for women and youth
10 hours -
Shamima Muslim urges youth to lead Ghana’s renewal at 18Plus4NDC anniversary
11 hours -
Akufo-Addo condemns post-election violence, blames NDC
12 hours