cybercriminal IRSIf the headline of this article is giving you déjà vu, it’s probably because it hasn’t even been a whole year since the last IRS data breach was reported. Now, less than a month since the 2016 tax season officially began, the bureau says it has caught and stopped a malicious intrusion of its systems. While cybercriminals went after people’s tax returns through the “Get Transcript” application in 2015, this year’s attack is aimed at the Electronic Filing (E-file) PIN application. Once again, the taxpayer data used to try and gain access was stolen elsewhere — no personal information was compromised by the IRS systems, according to the Jan. 9 press release. Although last week’s temporary computer system outage is unrelated to this data breach, both are concerning as reports of rising identity theft over the last year point to tax identity theft as a primary culprit.

More than 400,000 social security numbers used in attack

In total, close to 464,000 unique social security numbers were used by hackers in the attack, although only 101,000 of these were used to successfully generate E-file PINs. These PINs are used to file tax returns electronically, meaning a successfully generated PIN could allow a thief to file a fraudulent tax return using a stolen social security number. Given the incredible amount of data breaches in the past year that exposed social security numbers of people of all ages, it’s not a surprise that this wealth of information is now being used by cybercriminals to perpetrate new crimes and commit fraud.

The IRS will be contacting all affected taxpayers via postal mail to let them know of the breach in security. Be sure to watch out for further illegal activity in the form of phony phone calls and emails from scammers trying to trick concerned taxpayers into giving up personal information or send money. The IRS is also employing investigators and security experts to determine what security flaws led to this attack being possible and enhance protection to prevent future attacks.

What steps can be taken to protect your tax return?

As we’ve urged in the past, the best protection taxpayers can afford themselves is to file as soon as possible. Once you’ve received your W-2 and other pertinent information necessary for completing your tax return, don’t put it off until later. This is merely buying identity thieves time to jump in and file a fraudulent tax return using your information — something you will only find out has happened when it’s time to file and your return is rejected. If you attempt to file and discover that a return has already been filed in your name, it’s important to take the necessary steps to report the identity theft to the IRS and other government agencies so it can be set right.

Also, since this breach was assisted by personal taxpayer data stolen elsewhere, it’s a good reminder to be wary in all aspects of your life. You can learn more about the myriad of ways to protect your identity and avoid scams by following our identity theft protection blog.