IRS Sued for Data Breach
A group of law firms has filed a class-action lawsuit against the Internal Revenue Service on behalf of an estimated 330,000 taxpayers who were affected by a data breach in the IRS’s online Get Transcript application.
IRS Commissioner John Koskinen disclosed the data breach in May, estimating that the tax returns of approximately 104,000 taxpayers could have been accessed by identity thieves (see IRS Detects Data Breach in ‘Get Transcript’ Application). Last week, the IRS increased its estimate to 330,000 taxpayers (see Extra 220,000 Hit by IRS ‘Get Transcript Breach’). The data breach is suspected to be the work of hackers working for an organized crime ring abroad. In response, the IRS said it was offering free credit monitoring and ID protection PINs to the affected taxpayers.
However, the class-action lawsuit accuses the IRS of not doing enough to protect the security of its systems.
“At the time of the data breach of taxpayers’ information, the IRS had received—but not acted on—numerous reports that its systems did not have adequate security; it knew its systems had been previously hacked by cyber-criminals; it knew that cyber-criminals were highly motivated to hack the IRS system in order to steal taxpayer information that has significant value in the black market; and it had actual knowledge that cyber-criminals were engaged in ongoing efforts to hack the IRS systems,” said the complaint. “Despite this knowledge, the IRS deliberately and intentionally decided not to implement the security measures needed to prevent the subject data breach.” Read more on Accounting Today.