According to an audit released this month from the U.S. Treasury Department’s internal watchdog stated that the Internal Revenue Service (IRS) has failed to add more than 11,000 compromised Social Security Numbers to a list that it uses to help protect taxpayers from identity theft. The Treasury Inspector General for Tax Administration (TIGTA) Report found that fraudsters used 79 of those Social Security Numbers to file spurious tax returns in an effort to receive ill-gotten refunds throughout the 2016 and 2017 tax years.
The report primarily focused on an IRS program that accumulates information about third-party data breaches and tries to thwart the victims of those breaches from being deceived again when tax time rolls around. The IG Report also unveiled that the tax agency’s Return Integrity and Compliance Services division registered 730 of those third-party breaches during 2017 but failed to record 89 of them or to monitor the breach victims for phony returns. In the case of 70 of those 89 breaches, the division was warned about the breach but never asked the breached organization to provide victims’ Social Security numbers or other taxpayer ID numbers where IRS could monitor them. For 15 other breaches, the breached organization passed along the ID numbers, but IRS never entered them into its Incident Management Tracker Matrix. And rest four cases, the breached organization declined to share breached information, but when that happens, the Return Integrity division is supposed to try to compile that information on its own, as the auditor report said.
In addition, the auditors further found several cases in which the Return Integrity division received Social Security Numbers and other ID numbers from a breached organization but seemingly, it didn’t review some of those IDs to define whether they should be monitored for fraud. The report also pointed out that ahead of the auditors’ recommendation, the division assessed all the taxpayer IDs it had received and found 15,143 that it hadn’t reviewed for fraud monitoring, IRS reviewed those IDs and assigned them for fraud monitoring where appropriate.