Hackers Stole $30 Million Thanks to Student Loans Tool

HackHackers Take Advantage of Apache Strut 2 Vulnerability to Launch Massive Attacksers Take Advantage of Apache Strut 2 Vulnerability to Launch Massive Attacks

Hackers have stolen $30 million from the US government through the use of the financial tool that the IRS has provided for student loans.

About 100,000 people are in danger of having their identity stolen now that hackers have breached the IRS’s Data Retrieval Tool. It’s widely known that students’ parents have been using the Free Application for Federal Student Aid to transfer the financial information, and only in 2015, over 17 million students have been known to use this app.

The tax frauds have been an ever growing problem for the IRS, and it would seem that that’s not going to change soon since the hackers are constantly finding new, more sophisticated ways to scam them and steal the financial documents on the Internet. In 2013, the agency lost over $5.8 billion after sending refunds after multiple fake fillings that were done by criminals in other people’s names. So far, many hospitals, restaurants, and schools have been targeted, and college students appear to be the latest victims of these scams and schemes.

John Koskinen, the IRS Commissioner, has testified to the Senate Finance Committee this Thursday and has revealed that several thousands of people are in danger of having their identities stolen as a result of the recent breach. Over 52,000 taxpayers won’t get their tax refunds until the agency can make sure that the tax request is legitimate.

Koskinen has stated that, even though it was clear that some of the activity that was observed was actually legitimate students, some was also a result of a hack, and in order to prevent the influence of the hackers from expanding, the entire system had to be shut down.

Apparently, the hackers have used the app to pose as 8,000 college students and post fake tax refund requests. They followed the regular financial aid protocol like all other students and proceeded to use the IRS tool in order to automatically fill in tax information for both students and their parents.

By using this method of faking tax info in their applications, hackers have managed to steal up to $30 million, and only then have the IRS realized what’s been happening and blocked the remaining 14,000 fake requests.

The tool was disabled in March by the IRS and the Department of Education, and it’s been stated that it wouldn’t be reactivated until the fall. The first information that IRS received about the breach was back in September 2016, but the app stayed operational because of millions of its legitimate users.

Koskinen has said that “As soon as there was any indication of criminal activity, we would have to take that application down. That occurred, as we monitored, in through the early part of February.”

As for the students, they can still fill out the application manually, even though the process will take way longer to be completed. 100,000 people whose information is at risk have been notified of the breach and its consequences.