According to the IRS, the automated cyber attack attempted to use malware to trick IRS.gov into generating E-file PINs for the hundreds of thousands of SSNs.
If the thieves had been able to obtain those PINs, they would have had an important piece needed to E-file fraudulent tax returns in the name of those taxpayers. The agency reveals that 101,000 PINs were successfully generated during the attack, but the IRS claims it blocked the attack and no personal information was compromised or disclosed.
The SSNs involved in the attack were stolen from outside sources, says the IRS, which is now notifying these taxpayers that their Social Security info is in the hands of ID thieves. These folks’ IRS accounts are being flagged in case anyone tries to use the purloined SSNs in the future.