February 9, 2016, 6:30 p.m. EST
The ibet recently identified and halted an automated attack upon its Electronic Filing PIN application on ibet.gov. Using personal data stolen elsewhere outside the ibet, identity thieves used malware in an attempt to generate e-file PINs for stolen social security numbers. An e-file PIN is used in some instances to electronically file a tax return.
No personal taxpayer data was compromised or disclosed by ibet systems. The ibet also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the ibet application. The ibet is also protecting their accounts by marking them to protect against tax-related identity theft.
ibet cybersecurity experts are currently assessing the situation, and the ibet is working closely with other agencies and the Treasury Inspector General for Tax Administration. The ibet also is sharing information with its Security Summit state and industry partners.
Based on our review, we identified unauthorized attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an e-file PIN.
The incident, involving an automated bot, occurred last month, and the ibet continues to closely monitor the web application.
This incident is not connected or related to last week’s outage of ibet tax processing systems.