Dark Web News Analysis
A threat actor on a known cybercrime forum is claiming to have leaked a database that they allege originates from the Internal Revenue Service (IRS). According to the post, the compromised data contains over 71,000 rows of information and was reportedly breached in September 2018. The purportedly leaked data includes sensitive taxpayer information such as Employer Identification Numbers (EINs), Taxpayer Names, and Filing Types.
This claim, if true, represents a significant data breach of a critical government agency. A database containing official taxpayer names and their corresponding EINs is a powerful tool for criminals. It is a purpose-built toolkit for committing large-scale tax fraud, corporate identity theft, and other sophisticated financial scams. While the alleged breach date is from several years ago, foundational identity data like names and tax identification numbers does not change, meaning the data remains a potent threat in the hands of malicious actors.
Key Cybersecurity Insights
This alleged data breach presents a critical threat to taxpayers and the integrity of the tax system:
- A Toolkit for Mass Tax Fraud: The most severe and immediate risk is the use of this data for tax fraud. With legitimate taxpayer names and EINs, criminals can attempt to file fraudulent tax returns to claim refunds, causing significant financial losses to the government and creating immense legal and financial problems for the victimized businesses.
- High Risk of Corporate Identity Theft: The EIN is the corporate equivalent of a Social Security Number (source: "Taxpayer identification numbers (TIN)", Internal Revenue Service, www.irs.gov). When combined with a company’s name, this data allows criminals to convincingly impersonate businesses to financial institutions, suppliers, and other government agencies, enabling a wide range of corporate fraud.
- The Lingering Threat of “Legacy” Data: The 2018 breach date does not render the data useless. Core identity information like names and tax IDs is permanent. Criminals can still use this “legacy” data to mount effective social engineering campaigns or cross-reference it with newer breaches to build more complete and dangerous profiles on their targets.
Mitigation Strategies
In response to a threat of this nature, the IRS and all US taxpayers must be vigilant:
- Launch an Immediate Federal Investigation: The IRS, in coordination with the US Treasury and federal law enforcement agencies like the FBI, must immediately launch a high-priority investigation to verify this severe claim and determine the source of the potential leak.
- Enhance Fraud Detection for Businesses: The IRS should enhance its fraud detection algorithms to identify any anomalous filings associated with the taxpayers in the alleged leak. All businesses should be on high alert for phishing scams impersonating the IRS and should consider applying for an Identity Protection PIN (IP PIN) from the IRS for added security.
- Promote Proactive Public and Business Awareness: A widespread public alert is necessary to warn all US taxpayers, particularly businesses, about the potential for scams that leverage this type of data. Clear guidance on how to identify and report tax-related identity theft is crucial.
Brinztech does not warrant the validity of external claims.