IRS officials announced on Monday that hackers accessed tax information from more than 338,000 taxpayers. The IRS had originally said that hackers potentially accessed information for 114,000 taxpayers via an online system. The agency did a further review and issued a statement Monday adding 224,000 more victims to the list of those whose information was potentially accessed. The tax-collection agency said it realized the total number of victims was twice as high after it conducted “an extensive review covering the 2015 filing season.”
The IRS is now sending letters to those taxpayers to warn them about potential identity theft, offer free credit protection and give them an extra PIN to protect future tax filings. Hackers abused the IRS website tool called “Get Transcript.” It was meant to help taxpayers who lose track of old tax documents. They could easily download several years of tax forms for tasks like applying for a mortgage or college financial aid.
Tax forms contain much more sensitive information, including salary, family information, and property and investment values. With this additional stolen information, criminals can claim bogus tax refunds — or open credit lines in your name. New evidence shows that the criminals had access to the personal information of some 610,000 taxpayers. They managed to use the “Get Transcript” tool to access tax documents for about half of them.
Originally, IRS Commissioner John Koskinen said the crooks used 15,000 of them to claim tax refunds in other people’s names. The agency said it hasn’t yet conducted a review to see if that number is also going up. IRS officials admitted the discovery in a statement. “As part of the IRS’s continued efforts to protect taxpayer data, the IRS conducted a deeper analysis over a wider time period covering the 2015 filing season, analyzing more than 23 million uses of the Get Transcript system,” the IRS said in its statement. The 338,000 figure doesn’t include the number of failed fraudulent attempts to access taxpayers’ information. In May, the IRS said the attackers tried but failed to access another 111,000 accounts.
On Monday, the IRS did not identify a potential source of the crime. But in May, officials said IRS investigators believe the identity thieves are part of a sophisticated criminal operation based in Russia. The IRS said Monday that thieves started targeting the website in November. Originally, investigators thought it started in February. The website was shut down in May.