Paul L. Caron

Friday, April 7, 2017

NY Times:  100,000 Taxpayers Compromised In Hack Of FAFSA Tool At IRS

FAFSAIRSFollowing up on my previous post, As Deadlines Approach For College Financial Aid & Income-Based Loan Repayment, IRS Leaves Parents, Students & Graduates In Lurch By Taking Down Online Tax Return Data Retrieval Tool:  New York Times, Up to 100,000 Taxpayers Compromised in Fafsa Tool Breach, I.R.S. Says:

The Internal Revenue Service said on Thursday that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid.

The breach may be the most extensive since 2015, when thieves gained access to the tax returns of over 300,000 people by using stolen data and filed fraudulent returns to get refunds.

The possibility of an attack became known in early March after the I.R.S. shut down its Data Retrieval Tool, which families used to import tax information to Fafsa, the Free Application for Federal Student Aid, on the Education Department’s website. The shutdown, at the height of financial aid application season, caused outrage among parents and students trying to fill out the complicated Fafsa forms.

The I.R.S. has been struggling to overhaul its defenses against increasingly sophisticated cyberthreats as its budget shrinks and its staff dwindles.

The agency became concerned last fall when it realized that it was possible for criminals to take advantage of the student loan tool that allows aid applicants to automatically populate the applications with their and their parents’ tax information. The worry was that thieves might use the stolen data to file fraudulent returns and steal refunds, as they did two years ago.

“Fortunately we caught this at the front end,” John Koskinen, the I.R.S. commissioner, said Thursday at a Senate Finance Committee hearing. The I.R.S. does not expect the tool to be secure and operational again until October. “Our highest priority is making sure that we protect taxpayers and their identity,” he said.

But the breadth of the breach remains unknown, and Mr. Koskinen faced tough questions during the hearing as to why he did not act sooner.

IRS News, Tax | Permalink


FAFSA should be eliminated. Right now, you can't even find out what you're paying for a college until you fill out the FAFSA application. That is, you don't know how much they will charge you until you tell them how much you're worth. This goes against every grain of the free market system and is a major factor in the ridiculous price of college education these days.

Posted by: Man in PA | Apr 8, 2017 7:29:10 PM

"The I.R.S. has been struggling to overhaul its defenses against increasingly sophisticated cyberthreats as its budget shrinks and its staff dwindles."

Maybe they shouldn't have spent all that time and money on political witch hunts...

Posted by: Mike Morgan | Apr 8, 2017 6:19:09 PM

FAFSA is the massive paperwork required for any student wanting to be considered for grants, scholarships or loans. Why should a family be required to cough up all the family finances for a grant or scholarship? With the huge number of student loan defaults, it certainly isn't weeding out poor credit risks. It's just intrusive info-gathering by not a bank, but the US Dept of Education which controls all this thanks to Obamacare law. It is common for families to submit every forms and document demanded plus their tax returns and not qualify for anything or discover they only qualify for loans that they decided they can't afford so they didn't go any further - but evidently their private information is all over the place now. The creative ways education manages to screw the average American middle class is really quite astounding. They didn't need all that information, and didn't protect it properly when they got it.
It'd be better time spent with a financial counselor before signing on with a university.

Posted by: super fed up | Apr 8, 2017 4:18:47 PM