The United States Internal Revenue Service (IRS) has terminated the availability of its electronic filing PIN following two separate waves of automated attacks.
IRS informed taxpayers of its decision on Thursday:
"As a precautionary step to protect taxpayers, the Internal Revenue Service today announced that the electronic filing PIN tool is no longer available on IRS.gov or by toll-free phone following additional questionable activity."
The e-File Pin is a tool that helps taxpayers verify their signature should they elect to file a tax-related document in the Form 1040 series electronically. Most taxpayers do not make use of the tool and instead use their prior-year adjusted gross income. Those who don't have a copy of their prior year tax returns can use Get Transcript, a feature which allows taxpayers to view their tax statements and tax return information.
In May 2015, the IRS announced a data breach after attackers abused people's personal information stolen from other sources to fill out Get Transcript applications in their names. It was first reported that attackers compromised approximately 100,000 taxpayers' accounts, but that number was updated in February 2016 to 390,000 profiles.
At around that same time, the IRS detected an automated bot attack that successfully leveraged people's personal information obtained from other sources to access more than 100,000 e-File PINs. Its security teams decided to keep the tool and put some additional defensive measures in place to help protect taxpayers' accounts, but that didn't stop attackers from once again attempting to abuse the e-File PIN tool.
According to the IRS:
"Recently, the IRS observed additional automated attacks taking place at an increasing frequency, but only affecting a small number of e-File PINs. We were able to identify this issue because of additional defenses put in place earlier this year, and backend protections remain in place. However, the IRS decided to remove the e-File PIN program as a safety measure."
The IRS was already planning on discontinuing taxpayers' use of the e-File PIN later this year.
News of this announcement comes a few months after the Internal Revenue Service reported a 400 percent increase in tax-related phishing and malware attacks targeting users during the 2016 tax season.