IRS attackSo far, 2015 has not been the year for the IRS and other tax-related services. First, Turbo Tax was rumored to have been breached and temporarily halted state e-filing in the wake of multiple fraud attempts. Then, word got out that state tax fraud had spiked an incredible 3700% from last year. Now, the IRS itself is dealing with an attack in which thieves accessed prior-year tax returns through its “Get Transcript” system, using legitimate information stolen in a third-party attack. This information theft has been determined to be the work of Russian hackers, as reported by The Associated Press, and it turns out they were able to receive $50 million in stolen tax refunds before the IRS attack was discovered. The hackers did not attempt to get into the IRS’ systems and steal additional information, but the fact that they had enough legitimate information to steal 100,000 tax returns is certainly worrisome — especially for those whose identities have been stolen. This isn’t the first time Russian hackers have attacked U.S. government systems; the White House was breached last year and some of President Obama’s emails were compromised as a result.

Could this IRS attack have been prevented?

According to USA Today, the IRS has been warned repeatedly by government monitors for years about its computer security risks. At least seven federal audits and other reports spanning from 2007 to 2014 outlined dangers including failure to restrict physical access to computer resources, weak encryption for authentication on many IRS computer servers as well as not screening employees who have access to taxpayers’ personal data with strong enough background checks. The IRS, like many other government agencies, is constantly under attack due to the large amount of personal data it collects. Although the agency admits it has improvements to make, officials have also pointed to budget cuts approved by Congress as making it difficult to implement the necessary security upgrades.

How can I protect myself?

The IRS plans to notify all taxpayers whose information was compromised in this attack and provide free credit report monitoring. Taxpayers whose returns were fraudulently obtained will not be held accountable and can submit legitimate tax forms. It is still unknown where the hackers obtained the personal data used in the IRS attack, but considering there have been so many security breaches at companies all over the country recently, it’s not hard to imagine the information coming from one of them. To learn more about protecting your identity from the many hackers lurking out there, visit our identity theft protection blog or read our identity theft protection service reviews to see how these services can help you keep track of your personal information.