Earlier this year, the IRS had suffered a setback after it identified an automated attack upon its electronic filing PIN application. Identity thieves then used personal data stolen from outside the IRS to generate E-file PINs associated with stolen social security numbers.
In response to the incident, the IRS issued a statement, which said:
No personal taxpayer data was compromised or disclosed by IRS systems. The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.
Approximately 464,000 unique social security numbers were subjected to unauthorized access attempts with E-file PINs successfully generated for 101,000 of those numbers.
Unfortunately, the IRS recently observed "additional automated attacks taking place at an increasing frequency, but only affecting a small number of e-File PINs." Despite the implementation of additional defensive measures earlier in the year, the IRS has made the decision to completely remove E-file PINs as a security precaution.
At present, the withdrawal only impacts those who have yet to file their tax return for this year and require a regenerated e-File PIN. These people will need to provide verification in the form of their prior-year adjusted gross income (AGI). However, it remains unclear if this form of verification will be required for all taxpayers submitting electronic forms next financial year.