IRS Reports FAFSA Data Breach
The Internal Revenue Service (IRS) is investigating a data breach. The data breach involves the theft of tax data of about 100,000 taxpayers. The online FAFSA contains a tool that allows students to import their tax data as well as that of their parents. The IRS became aware of a possible breach that began in the February 2016. However, the IRS did not shut down the data tool until the spring of 2017.
The Free Application for Federal Student Aid (FAFSA) is a form used by millions of college students every year. The free application is the first step to obtaining financial aid from colleges as well as government backed student loans. FAFSA is a long financial form that details family’s income and assets. Part of the data required on the form is tax data for the applicant (student) and their custodial parent. To make the application process a bit easier, the IRS operates a data import tool that lets FAFSA users pull their data into the FAFSA form. After supplying some brief identifying information, all tax data can be imported from the IRS into a FAFSA form.
According to the IRS, they detected a large number of data tool imports in January 2017. After a report filed by a taxpayer, the IRS realized that a large number of transactions was actually a data breach. The taxpayer was a victim of identity theft along with thousands of other data accesses.
The data tool was used on FAFA.gov and it is also used on StudentLoans.gov
The department was aware of the unusual activity, but did not remove the data import tool until March 2017. Other parts of both online applications remain functional.
It is believed that the data breach potentially affects about 100,000 taxpayers. The IRS has since mailed notifications. IRS Commissioner John Koskinen believes that 8,000 of them had fraudulent tax returns filed under their names.
IRS cyber security experts hope to get the data import tool back online by October 2017 in time for next year’s FAFSA filing season.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers