Enlarge / Former First Lady Michelle Obama delivers remarks during a FAFSA workshop in 2014.
Identity theft was not the kind of “getting schooled” the First Lady had in mind. (credit: Official White House Photo by Amanda Lucidon)
The arrival of the holidays heralds another season soon to arrive: the tax season and, with it, the tax-return fraud season.
And while the Internal Revenue Service has made some moves toward stanching the flow of fraudulent tax returns filed by cyber-criminals, another government agency is offering up fresh fuel to fraudsters’ efforts: the US Department of Education.
On November 24, security reporter Brian Krebs revealed how the agency’s site for the Free Application for Federal Student Aid (FAFSA) not only allows students to apply for financial assistance, but it also allows anyone with a student’s name, Social Security number, and date of birth to access all of the information they’ve entered in their application—and even some they may not have.
And that data includes tax data that could be used to submit fraudulent electronic tax returns, including adjusted gross income (AGI) from the previous tax cycle.
Back in March, the Education Department and the IRS shut down a system called the Data Retrieval Tool that allowed FAFSA applicants to automatically populate fields in their applications from their IRS tax records.
The reason: more than 100,000 taxpayers may have had their information fraudulently retrieved through the FAFSA application system.
A similar concern arose two years ago over a federal student loan application system that also tapped into IRS data and over an IRS PIN tool meant to allow taxpayers to protect their electronic filing.
Read 3 remaining paragraphs