Dark Web News Analysis
A threat actor on a known cybercrime forum is auctioning a massive collection of data that they allege contains United States tax forms (1099s and W2s). According to the seller’s post, the data originates from “admin access” to a tax service provider and includes thousands of forms spanning several years, from 2015 to 2021. The data is being auctioned with a high starting price of $5,000 and a “blitz” (buy-it-now) price of $50,000.
This claim, if true, represents a security incident of the highest severity. Tax documents contain a “full identity kit” for an individual, including their name, address, Social Security Number (SSN), and detailed income information. This is a perfect toolkit for criminals to commit mass tax refund fraud and sophisticated identity theft. The claim of having “admin access” to a tax service provider points to a catastrophic supply chain attack, where a single breach could expose the sensitive tax data of every single client that used the compromised service.
Key Cybersecurity Insights
This alleged data sale presents a critical and widespread threat to US taxpayers:
- A “Full Identity Kit” for Mass Tax Fraud: The most severe and immediate risk is the exposure of tax forms. W2s and 1099s contain everything a criminal needs to file fraudulent tax returns in a victim’s name and divert their refund. This is a direct enabler of large-scale financial crime.
- A Catastrophic Supply Chain Attack on the US Tax System: The claim of having “admin access” to a tax service is a worst-case scenario because it describes a supply chain attack. A single breach at a tax preparation company (such as an accounting firm or a software provider) can expose the sensitive tax data of every one of its clients.
- High-Value Data Attracts Sophisticated Buyers: The high auction price indicates the seller believes this data is extremely valuable and of high quality. This will attract sophisticated, well-funded criminal organizations who are experts at monetizing this type of information through large-scale fraud operations.
Mitigation Strategies
In response to a threat of this nature, all US taxpayers and tax professionals must be extremely vigilant:
- Launch an Immediate Investigation by the IRS: The IRS Criminal Investigation (CI) division, in coordination with federal law enforcement, must immediately launch a top-priority investigation to verify this severe claim and identify the compromised tax service.
- Proactively Obtain an IP PIN from the IRS: All US taxpayers should be encouraged to voluntarily opt in to the IRS’s Identity Protection PIN (IP PIN) program. An IP PIN is a six-digit number known only to the taxpayer and the IRS. It provides a critical layer of protection and is the single best defense against tax refund fraud.
- Enhance Scrutiny and Awareness: All taxpayers should be on high alert for phishing scams impersonating the IRS, especially via email or SMS. Tax professionals must enforce Multi-Factor Authentication (MFA) on all their systems and be extremely cautious of social engineering attempts.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com