IRS Data Breach Nearly Three Times Bigger than Previously Reported

Mark Van Scyoc/

An internal investigation revealed the cyberattack affected 220,000 more taxpayer accounts than was originally estimated.

The Internal Revenue Service announced in May that hackers had gotten into its system, and it estimated then that 114,000 taxpayers' accounts had been compromised. But a thorough review of activity on the IRS site throughout the 2015 tax-filing season revealed that the intrusion affected nearly three times that many accounts, the agency said Monday.

In its investigation, the IRS found about 220,000 additional instances where intruders were able to clear a verification system meant to keep sensitive tax information safe, as well as about 170,000 failed attempts to get around the verification system.

That puts the agency's estimate of the total size of the breach at 330,000 accounts, and its estimate of total failed attempts to get into its system at 281,000.

The IRS said in June that it believes the attack came from Russia.

The hackers were able to use information about taxpayers that they had acquired separately to "prove" to the system that they were authorized users. They targeted the agency's "Get Transcript" service, which allows taxpayers to call up their tax history and important information.

The service required users to enter personal information about themselves to confirm their identities, suggesting that hackers had access to many pieces of information about the individuals they targeted.

The hackers filed $50 million in fraudulent tax refunds, the IRS said in May.

"The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to 'Get Transcript' taxpayer account information," the agency announced Monday. "As an additional protective step, the IRS will also be mailing letters to approximately 170,000 other households alerting them that their personal information could be at risk even though identity thieves failed in efforts to access the IRS system."

The agency warned that the information could be used to file fraudulent tax returns in 2016, and recommended that users affected by the breach sign up for free credit monitoring services. The IRS will also furnish those users with a unique PIN that it says will keep their returns safe.

The "Get Transcript" program was shut down in May after the breach was first reported, and has not been restored, although the IRS provides other options for users to retrieve their tax histories.

(Image via Mark Van Scyoc/

NEXT STORY: NGA opens its doors to industry