The IRS believes that criminals behind a major security breach that allowed them to access tax information from more than 100,000 U.S. households were based in Russia, sources confirmed to Fox News Wednesday.
A well-placed cyberintelligence source familiar with the investigation into the breach told Fox News that the attack, which breached the IRS system, originated out of Russia. Additionally, the IRS alerted the Department of Homeland Security following the breach, a federal law enforcement official said.
The agency said Tuesday that criminals had used stolen Social Security numbers and other data to gain unauthorized access to the accounts. They then used the information from prior years’ returns to help them file for fake refunds using a system called “Get Transcript,” for which they had to clear a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address.
The IRS said thieves targeted the system from February to mid-May. The service has been temporarily shut down.
Congressional sources told Fox News Wednesday that the agency has informed Capitol Hill of its findings, and the Senate Finance Committee already has scheduled a hearing for June 2. IRS Commissioner John Koskinen and Treasury Inspector General for Tax Administration J. Russell George are scheduled to testify.
“When the federal government fails to protect private and confidential taxpayer information, Congress must act,” Senate Finance Committee Chairman Orrin Hatch, R-Utah, said Wednesday as he announced the hearing.
“Taxpayers deserve to know what happened at the IRS regarding the data theft, and this hearing will be the first step of many that the committee takes to determine what happened and how the government can prevent such attacks from happening again,” Hatch said.
Hatch also has requested a confidential briefing by IRS officials.
The Associated Press, citing two anonymous sources, first reported that the IRS believes the criminals are part of a sophisticated criminal operation in Russia, based on computer data about who accessed the information.
The information was stolen as part of an elaborate scheme to claim fraudulent tax refunds and is not the first time the IRS has been targeted by identity thieves based overseas.
In 2012, the IRS sent a total of 655 tax refunds to a single address in Lithuania, and 343 refunds went to a lone address in Shanghai, according to a report by the agency's inspector general. The IRS has since added safeguards to prevent similar schemes, but the criminals are innovating as well.
The IRS believes the criminals originally obtained this information from other sources. They were accessing the IRS website to get even more information about the taxpayers, which would help them claim fraudulent tax refunds in the future, Koskinen told reporters Tuesday.
The thieves have already used some of the information to claim as much as $50 million in fraudulent tax refunds, Koskinen said.
"We're confident that these are not amateurs," Koskinen said. "These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with."
Identity thieves, both foreign and domestic, have stepped up their efforts in recent years to claim fraudulent tax refunds. The agency estimates it paid out $5.8 billion in fraudulent refunds to identity thieves in 2013.
The IRS said it is notifying taxpayers whose information was accessed, and is providing them with credit monitoring services.
The IRS has launched a criminal investigation, and the inspector general is also investigating.
The Associated Press, Fox News' Mike Emanuel and Matthew Dean contributed to this report.