The details of a recent data breach affecting 100,000 taxpayers were revealed in testimony before the House of Representatives Oversight and Government Reform Committee in Washington on May 3.
The data breach involved the IRS's data-retrieval tool that is used to complete the online Free Application for Federal Student Aid (FAFSA). Before it was shut down in March, the data-retrieval tool allowed students and parents to access their adjusted gross income (AGI) information through an interface with the IRS and to complete the FAFSA by transferring the AGI information directly onto their FAFSA form.
According to testimony by Timothy P. Camus, the deputy inspector general for Investigations at the Treasury Inspector General for Tax Administration (TIGTA), identity thieves used individuals' personal information, which they obtained outside the tax system, to start the FAFSA application process and to secure the AGI information through the data-retrieval tool. The IRS currently estimates about 100,000 taxpayers were affected.
TIGTA is conducting a joint investigation with the IRS Criminal Investigation division and the Department of Education (DOE) Office of Inspector General. As part of the investigation, those agencies are looking to see if there was an earlier large exploitation of the FAFSA and the data-retrieval tool. TIGTA is also planning to initiate an audit to review this issue.
Camus testified that TIGTA has found evidence that as early as February 2016 the subject of another investigation had "discussed the availability of AGI information using FAFSA." He also testified that TIGTA believes there is a connection between this data breach and earlier attacks that resulted in the shutting down of the IRS's Get Transcript system.
Camus reported that the first indication that there was unauthorized access of the data-retrieval tool was that in September 2016 TIGTA detected an attempted access through FAFSA of the AGI of "a prominent individual." After an investigation, the alleged perpetrator was caught and is being prosecuted. Later, another attempt was made to secure this information for the same individual by another source. That activity is being investigated.
On Jan. 25, 2017, the IRS notified the DOE that it had detected a large number of data-retrieval tool transactions. The DOE responded that it believed the increase was due to loan consolidation activity. On Feb. 27, however, a taxpayer reported receiving in the mail tax transcripts that he had not requested. An investigation revealed that his tax information had been accessed through the data-retrieval tool and that there had been about 8,000 questionable accesses of data. The IRS shut down the data-retrieval tool on March 3 due to privacy concerns and to protect sensitive taxpayer data (see "IRS Takes Down Student Financial Aid Data Retrieval Tool.") The DOE's FAFSA website says the tool will be unavailable until the start of the next FAFSA filing season.