The Internal Revenue Service said on Thursday that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid.
The breach may be the most extensive since 2015, when thieves gained access to the tax returns of over 300,000 people by using stolen data and filed fraudulent returns to get refunds.
The possibility of an attack became known in early March after the I.R.S. shut down its Data Retrieval Tool, which families used to import tax information to Fafsa, the Free Application for Federal Student Aid, on the Education Department’s website. The shutdown, at the height of financial aid application season, caused outrage among parents and students trying to fill out the complicated Fafsa forms.
The I.R.S. has been struggling to overhaul its defenses against increasingly sophisticated cyberthreats as its budget shrinks and its staff dwindles.
The agency became concerned last fall when it realized that it was possible for criminals to take advantage of the student loan tool that allows aid applicants to automatically populate the applications with their and their parents’ tax information. The worry was that thieves might use the stolen data to file fraudulent returns and steal refunds, as they did two years ago.
Check out the other half of this article on The New York Times here: http://nyti.ms/2nmQBag