The breach of a tool that parents and students can use to streamline the student lending process has allowed information for 100,000 taxpayers to get out into the wild, Internal Revenue Service Commissioner John Koskinen said on Thursday.
The tool — which allows users to directly port their electronic tax return into the Free Application for Federal Student Aid form — had to be unplugged in March when it was discovered that enterprising cybercriminals were using the tool for an unintended purpose: gathering information to file fake tax returns.
The scam led to about 8,000 fraudulent refunds — worth about $30 million. The IRS filters were able to stop 52,000 returns and prevented 14,000 illegal refund claims from being sent.
The IRS first noticed the issue and made the federal Education Department aware of it in early fall.
“I told (the Education Department) as soon as there was any indication of criminal activity, we would have to shut that system down,” Mr. Koskinen said. “We’re trying to anticipate where the criminals will attack next.”
Mr. Koskinen said the government was reluctant to make a quick decision last year to terminate the popular tool.
“To shut it down without a clear indication of criminals actually using it seemed to us that it was going to unnecessarily disadvantage millions of people who used it,” he told reporters after the hearing.
Plus, Koskinen noted, not all flagged tax returns were actually fraudulent — there were some cases where clearly the correct person was behind the return. They included taxpayers who paid money with their returns — not the way refund fraud works — and taxpayers who filed their returns before using the Education Department’s tool.
“We caught it early enough that there’s not a significant volume of money out the door,” he said.
Apart from the breach — and the data of 100,000 taxpayers being a little bit compromised — the other downside in this story is that the tool itself is done for the rest of the 2017 application cycle, which is bad news for those who rely on it, particularly in low-income communities.
A criminal investigation into the breach is ongoing.