The IRS "Get Transcript" Hacked

Details about the Internal Revenue Service Cyber Attack


Who was Attacked - The Internal Revenue Service "IRS"

The multi-prong IRS data breach 

Of all agencies that use your personal information, the IRS is probably secure, right? While the federal tax agency may protect taxpayer data with numerous security measures, it does make information available through a number of online services. Individual taxpayers can access their own data through several agency services, and organizations such as mortgage providers can access certain records with a few pieces of information and a signed release from the taxpayer.

Each of the access points or services provides a possible entry point for cyber criminals or hackers. In 2015, cyber criminals breached the IRS’ network and stole tax refunds from taxpayers.

Cyber Hackers gained access to taxpayer information via an IRS-provided service known as Get Transcript. The service was built so that legitimate taxpayers can access copies of past tax returns when needed. To do so, you need four data points: Your filing status, address, date of birth, and social security number. The hackers attempted to access records through Get Transcript by entering information as many as 200,000 times; a bit over 100,000 of those attempts were successful, resulting in the compromise of that many taxpayer records.

The breaches occurred between February and May 2015.  The cyber criminals then used the information obtained through Get Transcript to file fraudulent tax returns. According to the IRS, the hackers got away with around $50 million in fraudulent tax returns.

Hackers continue to use social security, date of birth, and address information from another organization and cycled through various filing statuses in an attempt to find the right combination for access. 

In Senate hearings on the subject of the IRS data breach, J. Russell George, the IRS’ Treasury Inspector General, reported that his agency reviews the IRS every year to determine how secure the agency is. George reported that the IRS continually failed to make recommended updates to its systems following these audits, and that 44 recommendations had not been acted upon by March 2015. Of those, ten recommendations had been made three years prior. Reports are that the IRS failed to act in part because security funding had declined in recent years; cybersecurity budgets for the agency totaled $187 million in 2011 and had dropped to $149 in 2015.

Some takeaways from the IRS data breach include:

·       Diminishing security budgets can put organizations at risk.

·       Failure to act on known security vulnerabilities opens the door wider for cybercriminals.

·       Hackers are getting increasingly sophisticated with their attacks, even accessing organizations in ways that appear legitimate to computer and security systems.


Speech & Transcript on the IRS cyber attack from cybersecurity expert and venture capital investor - Ross Blankenship (released in 2015.)

The IRS or the Internal Revenue Service was hacked essentially through a protocol "Get Transcript" in late 2014/early 2015.

What is "Get Transcript?" and the Tax Return Filing Portal?

Get Transcript is a portal in which taxpayers can retrieve their transcripts of old tax returns, so they determine how much they paid the previous years, then move forward some of the previous reductions into the next year's deductions.  

Get Transcript was a vulnerable portal because these hackers abroad were sending hundreds of thousands of requests on to Get Transcript to try to steal their filing data. By stealing their filing data, they were successfully able to get about 100,000 taxpayers' previous taxpaying records. Now, it might not seem significant that only 100,000 of the 100 millions of people or the millions upon millions of people that file taxes every year. But with that 100,000 people in just two-month period of 2015, the hackers were able to use and fraudulently file over $50 million worth of tax returns.

They took the old data off Get Transcript and then use it to their advantage. I think more or less, what the IRS breach or the Internal Revenue Services breach and this cyber attack is so significant because it's the ultimate place in which all Americans put our money into the government, so that the government can then spend it on good services and goods for the American people. But to see the IRS as so vulnerable to such an attack is disheartening and it's a bit scary - particularly because we, as American citizens rely so much on the IRS to perform.

How did the IRS respond to these cyber-attacks? 

When the IRS breach occurred, in Senate hearings, a guy named J. Russell George went on to the Senate and saying, he testified and he said, "Well, part of the reason the IRS was unable to defend these attacks is because the money wasn't there." To give you examples, the IRS's budget for all their Internal Revenue Services' cybersecurity was no more than $150 million in a year. This is the government; this is an agency that collects of hundreds of billions, I think it's over $1 trillion in tax revenue every year.

They were spending less than $150 million and they weren't even acting. In J. Russell George's testimony, George alluded to the fact that a lot of the audits and the recommendations never took place. In our book Cyber Nation, we talk about the IRS's cyber attack. It's such a massive attack that we hope people take a look at it. It exemplifies the need for protection from all levels, and especially at the top.

Learn How to Prevent Cyber Attacks like the IRS' Get Transcript Hack


Cybersecurity expert and VC investor.

Cybersecurity expert and VC investor.

Your Name *
Your Name
Phone to Verify Human
Phone to Verify Human