Chip Somodevilla / Getty Images
Hackers gained access to the tax records of up to 100,000 people who used a government-created financial aid tool, the Internal Revenue Service commissioner said Thursday, explaining why the tool was taken offline at the peak of application season last month.
The tool was built into the government’s Free Application for Federal Student Aid (FAFSA), and enabled users to import their tax information into their financial aid and student loan forms. It was compromised in a security breach, and fraudulent refunds using the data have already cost the government $30 million and exposed tens of thousands of people to identity theft.
About 8,000 fraudulent tax refunds were issued because of the breach of the so-called IRS Data Retrieval Tool, IRS commissioner John Koskinen said in testimony before the Senate Finance Committee. Another 14,000 fraudulent refunds were blocked.
The tool was taken offline in March with no warning from the government, and the IRS and Education Department initially said it would return within weeks. The outage is now expected to drag into October. “I told them that as soon as there was any indication of criminal activity, we would have to take that application down,” Koskinen said.
The shuttering of the tool has caused massive headaches and a cascade of other consequences for some financial aid applicants and student loan borrowers, particularly low-income students. It requires students to manually input data that they may not readily have access too, and with the tool offline, students are more likely to have their FAFSA applications flagged for vetting — a time-consuming process that could cause first-come, first-serve aid to run out for some students, and that evidence suggests may deter others from applying for aid altogether.
The IRS uses filers’ adjusted gross incomes as the primary way to verify taxpayers’ identity, but the data retrieval tool was designed to allow people to more easily access that same number. Koskinen said that the IRS had detected a “pattern of activity” that suggested the tool was being used fraudulently.