Tax officials were able to quickly block the affected accounts.
Hackers hacked around 2,000 taxpayers’ tax accounts at the end of June to modify their tax returns, the Directorate General of Public Finances (DGFiP) announced on Tuesday August 20.
According to The chained Duck to be published on Wednesday, which reveals this cyber-attack, hackers have most often added tax credits and reductions to the declarations of their victims, and replaced their bank details with others, entirely fictitious. “It was not a desire to make money because “with us there is nothing to steal”, explains an agent of the DGFiP.
The hackers did not directly hack the tax website, but the mailboxes of their victims, which they took possession of in order to be able to enter the system. Indeed, the taxpayer who has lost his 13-digit tax identifier can be sent by email, then change his password, allowing intrusion.
Site security reinforced from the end of August
The DGFiP noted at the beginning of the summer “An unusual wave of password renewal for several specific areas on impots.gouv.fr”, according to a press release from Bercy. As the hack affected only about 2,000 of the roughly 31 million online tax accounts, tax officials were able to quickly block affected accounts before calling victims by phone in a single day and resetting their accounts. after making sure that they had regained control of their mailbox. They sent a letter to those who could not be reached by phone.
To prevent the repetition of this type of incident, the DGFiP, which informed the mailbox providers and lodged a complaint, calls on taxpayers to secure their e-mail service. The tax authorities will also strengthen access to its site from the end of August: taxpayers will have to give their date of birth to be able to access their personal space. In the longer term, additional safeguards are envisaged such as “Sending a code by SMS or applying a biometric system as suggested by the EU”, according to the Bercy press release.