In May, I blogged about criminals defrauding the IRS of some $50 million by submitting false tax returns via its Get Transcript application. At the time, it was estimated that the criminals had gained access to 100,000 taxpayers’ returns by using personal information stolen in other data breaches to answer the IRS app’s security questions.

Now, the IRS has revised its estimate of the number of taxpayers affected by May’s incident, adding another 220,000 to the total.

August 18, 2015  by Niel Ford  (c) IT Governance


In a statement released yesterday, the IRS said that, following the incident’s discovery, it ‘conducted an extensive review covering the 2015 filing season to assess whether other suspicious activity occurred. Following this review, the IRS has identified more questionable attempts to obtain transcripts using sensitive information already in the hands of criminals. […] The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to “Get Transcript” taxpayer account information.’

There is also the possibility that more victims will be affected – the IRS believes that criminals intend to submit fraudulent tax returns for the 2016 filing season.

The Get Transcript app was shut down in May.

Best-practice cybersecurity

If your organization collects, holds, or processes customer information, it needs to keep it safe. If you suffer a data breach, the information you lose can be used to facilitate further criminal activity – and, vice versa, data breaches elsewhere can affect your organization, as the IRS incident shows.

An information security management system (ISMS) as prescribed by the international standard ISO 27001 provides an enterprise-wide approach to managing information security risks that encompasses people, processes, and technology.

The external validation provided by accredited ISO 27001 registration will improve an organization’s cybersecurity posture while confirming to stakeholders, suppliers, and staff that best practices are being employed. Moreover, companies often achieve compliance with a host of legislative frameworks – including state data breach notification laws and federal regulations such as FISMA, the GLBA, HIPAA, and SOX – and international standards like the PCI DSS simply by achieving ISO 27001 registration.

IT Governance’s ISO 27001 Packaged Solutions provide fixed-price ISO 27001 implementation resources and consultancy support for all organizations, whatever their size, sector, or location, from under $600.

With their unique combination of standards, books, toolkits, software, training, and online consultancy, these implementation packages provide US organizations with all they need to implement the Standard and ensure their cybersecurity.

InCyber Comments:

This fraud could have been prevented if the InCyber PAS system was used by Fagen. For additional information on InCyber PAS write to