The IRS and the Department of Education announced that the IRS Data Retrieval Tool was taken offline in late March after a possible breach until extra security protections could be put in place. Testifying before the Senate Finance Committee, Internal Revenue Service Commissioner John Koskinen said that the information of as many as 100,000 taxpayers may have been compromised in a security breach of the IRS' Data Retrieval Tool, which is used to automatically populate tax information when applying for federal student aid online.
Koskinen testified that identity thieves stole more than $30 million from the IRS by using the tool to file fraudulent tax returns. Once the IRS identified suspicious activity, the agency put a halt on over 52,000 refunds until it can verify that these are legitimate requests.
The IRS is aware of the fact that some of the FAFSA applications that were flagged for suspicious activity are legitimate, but the agency needs to complete its investigation before they can be reinstated. Koskinen went on to say that the IRS outright blocked an additional 14,000 other phony tax refunds.
The fallout from the breach is that the application process is much slower now because students must fill out the standard FAFSA form and manually submit a copy of their tax return until the IRS Data Retrieval Tool comes back online in the fall. The good news is that parents and students can still access FAFSA and Income-Driven Repayment plan applications online.
Despite the fact that an ongoing criminal investigation into the breach is currently underway, the IRS said that it is still trying to determine the size and scope of the attack.