Looking for Tax Day news? Try this.

Hackers have gotten into the human resource departments of “more than half-dozen U.S. companies,” according to journalist and security expert Brian Krebs, and used the data obtained to file fake tax returns and collect the refunds.

Krebs, who runs a widely respected blog called Krebs on Security, reported that the scheme began at the start of this year’s tax filing season and “includes fraudulent returns filed on behalf of thousands of people — totaling more than $1 million in bogus returns.”

Krebs wrote:

Each fake return was apparently filed using the e-filing service provided by H&R Block, a major tax preparation and filing company. H&R Block did not return calls seeking comment for this story. …

It’s important to note that fraudsters engaged in this type of crime are in no way singling out H&R Block or Ultipro. Cybercrooks in charge of large collections of hacked computers can just as easily siphon usernames and passwords — as well as incomplete returns — from taxpayers who are preparing returns via other online filing services, including TurboTax and TaxSlayer.

Krebs said they had the refunds sent to prepaid American Express cards, which have been linked to bank accounts controlled by the hackers, and are then able to go to any ATM and pull out the cash.

“Why target individual filers when you can file fraudulent tax returns on an entire organization or company all at once?” Krebs told The Washington Post via e-mail. “By stealing the credentials that HR professionals use to manage their employees’ benefits/payroll/tax records at cloud providers, the fraudsters can gain access to a huge treasure trove of valuable data.”

A cloud provider is service provider that offers customers storage or software services on a network.

A government report released in November stated the IRS issued nearly $4 billion in fraudulent tax refunds over the previous year to thieves who were using other people’s personal information. Attorney General Eric H. Holder Jr. said that the “scale, scope and execution of these fraud schemes” has grown substantially and the Justice Department has charged 880 people in the past year.

Holder ought to know. The Wall Street Journal reported last month:

Two Georgia men filed a tax return with the name, birthday and Social Security number of Attorney General Eric Holder in hopes of getting his refund, according to federal prosecutors in Atlanta. Holder was one of several people targeted by Yafait Tadesse and Eyaso Abebe, both of whom have pleaded guilty to charges related to the scheme.

When they filed his return, they listed Holder as working at Wal-Mart.

A spokesman for Holder declined to comment on his case.