IRS Warns Tax Info Leaked By US Financial Aid Site (cnn.com) 21
"Hackers accessed the data of up to 100,000 people through a tool that helps students get financial aid," writes CNN. An anonymous reader quotes their report:
IRS Commissioner John Koskinen testified before the Senate Finance Committee Thursday that a breach had been discovered in the fall. In September, he said, his agency discovered that fraudsters could use someone's personal data to fill out a financial aid application, and the "Data Retrieval Tool" would populate the application with tax information. That information could be used to file false tax returns. The commissioner said fewer than 8,000 of these returns were processed, and refunds were issued totaling $30 million...
In October, the IRS told the Department of Education that the system could be abused by criminals, but because up to 15 million people use the system for convenience, they kept it available. However, in February, the agency witnessed a pattern of fraudulent activity, and it shut down the automated tool in March.
Now financial aid seekers will have to manually enter their parents' reported income from previous tax years -- at least until a new version of the tool comes online next October. In the meantime, the IRS is alerting 100,000 users who started an application but didn't finish it, warning them that their tax information may have been compromised.
In October, the IRS told the Department of Education that the system could be abused by criminals, but because up to 15 million people use the system for convenience, they kept it available. However, in February, the agency witnessed a pattern of fraudulent activity, and it shut down the automated tool in March.
Now financial aid seekers will have to manually enter their parents' reported income from previous tax years -- at least until a new version of the tool comes online next October. In the meantime, the IRS is alerting 100,000 users who started an application but didn't finish it, warning them that their tax information may have been compromised.
Re: (Score:1)
Assistant professor fell off the tenure track.
Why the f*ck did it display the data from the IRS? (Score:3, Insightful)
[Note: I worked on the FAFSA system but it was years ago when this type of integration was only spoken of seriously after way too many drinks]
There's no need for the person filling in the application (be they student or parent) to actually see the data that was retrieved from the IRS. It's used by the Dept. of Education to determine your eligibility. All the system need to do was ask for your SSN and for you to provide one or two values from a list of ten to verify that what the IRS provided matches what you think it's supposed to be... e.g. SSN, total taxable income and total federal tax (complete with 1040 line numbers to make sure the questions are clear). If the numbers don't match you prompt for them to enter all the data. There's no need for the system to ever display what the IRS provided. Besides the potential for identity theft it just adds more complexity to the system that doesn't need to be there (and depending on your situation, a FASFA can actually be fairly complex to begin with).
Shame they screwed the pooch like this, one of the few Federal systems I was proud to have worked on. All in all it did it's job, it helped people (*) and it did it fairly well without costing an insane amount of money. That's pretty rare in Federal IT from my experience.
(*) I'm sure a lot of people will bring up the issue of student loans. FAFSA enabled that but its primary purpose was to match eligible students with free student aid (Pell Grants, etc). Please don't conflate DoEd/FAFSA with for-profit Universities (who proprietors should get an express ticket to "the special hell") or precious snowflakes who are pissed off their $150,000 degree in Sumerian basket weaving doesn't translate into a living wage.
Why do you keep getting refunds? (Score:3, Insightful)
As a non-american, could someone explain why you guys seem to go through the hassle of overpaying your tax during the year, then applying for and receiving a refund?
Rather than just, like, paying the correct amount to begin with? Like any sane tax collection regime would attempt?
Re: (Score:2, Insightful)
Re: (Score:2, Informative)
The problem with Option 1 is the IRS will levy fines against you for paying too little. You have to pay enough to only owe at most $1000 or have paid 90% of what you owed last year.
Re: (Score:2)
As a non-american, could someone explain why you guys seem to go through the hassle of overpaying your tax during the year, then applying for and receiving a refund?
Rather than just, like, paying the correct amount to begin with? Like any sane tax collection regime would attempt?
Because we are guilty until proven innocent.
Well well well (Score:2)
But fear not good citizens! We'll implement a system that is a real pain in the ass (for you) and give ourselves a internet security award, some promotions and a big pat on the back - until we give your data away the next time as well. That is all - back to what you were doing before we were inconvenienced.