REDLANDS, Calif., Aug. 21, 2015 /PRNewswire/ -- McCuneWright, LLP, along with other firms, filed a class action complaint Thursday against the Internal Revenue Service for damages resulting from a cyber-breach of IRS systems and theft of identity and financial information of approximately 330,000 taxpayers earlier this year.
"As custodians of taxpayer information, the IRS has failed in its obligation to protect the personal and sensitive information of hundreds of thousands of taxpayers, their spouses and families," said Richard McCune, partner of the Inland Empire's premier complex litigation firm, McCuneWright, LLP, and a national spokesperson on privacy and data breach issues. "Furthermore, the breach and theft occurred after repeated warnings over the course of several years regarding the lax computer security system."
Citing recommendations issued by the Treasury Inspector General for Tax Administration (TIGTA) and testimony from a June hearing before the U.S. Senate Finance Committee, the complaint alleges that the theft of personal identification information (PII) was made possible due to the IRS ignoring known security deficits in its data storage system. It also states that "the IRS generally knew that its systems would be a target for cyber-criminals" due to massive data breaches at major U.S. companies over the past several years; the IRS specifically knew its "cyber-security measures were inadequate"; "the IRS deliberately and intentionally chose not to implement appropriate security" to guard the taxpayer information; and the breach caused damage to the plaintiffs and putative class.
At a U.S. Senate Finance Committee hearing on June 2 regarding the breach, Senator Ron Wyden (D-Oregon) stated that "the thieves who steal taxpayer information could wipe out people's life savings and leave them in financial ruin. They could falsify tax returns next year or further down the road. They could take out huge, fraudulent home or student loans."
At the same hearing, panel Chairman Orrin Hatch (R-Utah) told IRS Commissioner John A. Koskinen, who is also named as a defendant in the suit, that his agency "failed" these taxpayers "and their families, [who] must now begin the long and difficult process of repairing their reputations. And they must do so with the knowledge that the thieves who stole their data will likely try to use it to perpetrate further fraud against them."
Based on Koskinen's congressional testimony, the suit adds, the security breach was not related to the financial resources available to the agency, but rather a deliberate decision to not implement the security measures recommended by GAO and TIGTA and, reportedly, by its own employees.
The breach traces to the Get Transcript application used by taxpayers to obtain approximately 23 million copies of recently filed tax information during the 2015 filing season. According to the suit, during the middle of May, IRS' cyber-security team noticed unusual activity on the Get Transcript application. As a result, the IRS shut down the Get Transcript application on May 21. Koskinen reported at the hearing that investigation efforts revealed approximately 200,000 suspicious attempts to gain access to taxpayer information on the app were made between mid-February and mid-May, with more than half being successful. On Tuesday of this week, the IRS announced that the theft was much worse than originally thought, revising the number of successfully stolen forms to 330,000.
The cyber-criminal has access to each victim's full tax transcript, including identification information, social security numbers of the spouse and children, prior and current W2 forms, income, holdings, and other information -- essentially, enough to fraudulently file for a tax refund under the taxpayer's identification.
Richard McCune is available to talk with reporters about the case and how it could affect all taxpayers and the IRS going forward.
McCuneWright, LLP has long been involved in advocating on behalf of Southern California consumers and holding large organizations accountable for their products and business practices. The firm is involved in a number of lawsuits dealing with privacy issues, including recently filing a lawsuit against UCLA Health System.
The IRS complaint was filed in conjunction with Abbott Law Group, P.A., of Jacksonville, Florida; Morgan & Morgan, of Tampa, Florida; and Rhine Law Firm, P.C., of Wilmington, North Carolina.
Additional information regarding the IRS case, including a copy of the class action complaint, is available at www.mccunewright.com.
CONTACTS: Jack Boren
SOURCE McCuneWright, LLP