IRS.GOV: alleged data breach affects the accounts of 18 million citizens
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
Enterprise BusinessLog 320x200 1
Banner Desktop
IRS.GOV: alleged data breach affects the accounts of 18 million citizens

IRS.GOV: alleged data breach affects the accounts of 18 million citizens

Redazione RHC : 12 December 2025 18:00

An alleged database containing sensitive information on 18 million U.S. citizens over 65 has appeared for sale on a popular dark web forum.

The advertiser, who uses the pseudonym “Frenshyny,” claims to have stolen the data directly from the government portal irs.gov , which handles, among other things, tax records and 401(k) retirement plan information.

Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data. It is currently not possible to independently verify the authenticity of the information reported, as the organization involved has not yet released an official statement on its website. Therefore, this article should be considered for informational and intelligence purposes only.

What would the database contain?

The ad lists an impressive amount of personal data, including:

  • Name and surname
  • Age
  • State and city
  • Address
  • Postal code
  • Telephone number
  • E-mail

According to the seller, this would be information relating to the beneficiaries of 401(k) Benefit Funds , the famous American retirement savings plan that has been active since the 1980s.

The amount— 18 million records —suggests an extremely large compromise, which, if confirmed, would be the largest data breach ever recorded in the U.S. private pension system.

The context of the forum

The ad was posted in a section dedicated to the sale of stolen databases. The seller introduced himself as a “VIP” member of the forum, emphasizing his reputation in the community and offering the option of contacting him on Telegram for “trials and prices.”

The post also contains a lengthy description of how 401(k) plans work, likely included to make the data’s provenance more credible.

Why this leak would be extremely dangerous

If authentic, a database of this magnitude would expose millions of senior citizens to:

  • Large-scale financial fraud , including pension scams.
  • Identity theft , thanks to the complete package of personal information.
  • Targeted social engineering attacks , particularly effective on more vulnerable people.
  • Fraudulent access to retirement plan-related accounts or services.

People over 65 are a favorite target for cybercriminals, and having verified data makes them extremely attractive for fraudulent campaigns.

A new sign of the boom in financial cybercrime

The emergence of this alleged database confirms a well-established trend: the financial and pension sectors have become a prime target for threat actors.

Data such as that contained in pension records, in fact, have a particularly high value in black markets.

If verified, this sale would represent yet another blow to the security of U.S. government systems and a huge risk to millions of retirees.

  • #cybercrime
  • #cybersecurity
  • 401k data breach
  • dark web
  • data breach
  • financial fraud
  • identity theft
  • online security
  • personal data
  • sensitive information
Immagine del sitoRedazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli