Electronic Filing Identification Numbers Compromised

Nearly 1,200 Electronic Filing Identification Numbers were reported to the Internal Revenue Service as compromised over a five-year period, allowing an individual to electronically submit a federal income tax return using another individual’s EFIN without that person's knowledge, according to a new report.

The report, by the Treasury Inspector General for Tax Administration, found that 1,192 EFINs were reported to the IRS as compromised during the period between March 11, 2005 and Oct. 21, 2010. The report recommended that system validations related to the unauthorized use of EFINs, and compliance with various electronic filing program requirements, need to be strengthened.

The audit originated from a referral from the TIGTA Office of Investigations, which identified a potential weakness in the verifications performed on electronic tax returns submitted to the IRS, allowing an individual to electronically file a federal income tax return using another individual’s Electronic Filing Identification Number.

TIGTA made several recommendations for improvement to the IRS, but the suggestions were partially redacted in the publicly available version of the report. In response to the report, IRS management agreed with four of the six recommendations, but disagreed with the other two. TIGTA said it maintains that the IRS’s controls need strengthening to prevent the unauthorized use of the EFIN.