Another government agency falls short in protecting personal data. A recent data breach to the Department of Education website’s Free Application for Federal Student Aid (FAFSA), has compromised the personal information of approximately 100,000 taxpayers. Parents and students had an option to use the IRS Data Retrieval Tool (DRT), which provided access to their income information from prior year tax returns and automatically filled in the applicable information on the FAFSA application.
Identity thieves used the personal information of individuals that they had obtained from outside the tax system to begin the FAFSA application process. The thieves further used the DRT to access adjusted gross income and other personal information to file fraudulent tax returns with the IRS. Currently, it’s estimated that up to 8,000 fraudulent returns were filed, processed, and completed. Furthermore, approximately $30 million in refunds were issued before the IRS shut down the tool in March.
The online FAFSA application remains available and operational; however, the DRT functionality will remain suspended for the 2016-17 and 2017-18 FAFSA application forms. The DRT should be available for the 2018-19 FAFSA application when the form launches on October 1, 2017. Taxpayers that have not completed the process of finalizing their FAFSA applications (2016-17 and 2017-18) must manually enter their 2015 tax information by obtaining copies of their 2015 tax returns or requesting IRS tax transcripts.
The IRS is currently working to identify the exact number of taxpayers affected by the FAFSA breach. As the IRS identifies those taxpayers with compromised personal information, it is flagging and locking down their accounts to provide an additional layer of protection against any fraudulent activity. Additionally, the IRS plans to notify any affected taxpayers by mail about possible identity theft concerns.
For more information or questions, please contact Anatoli Pilchtchikov at 301.231.6200.