The Internal Revenue Service recently announced that cyber attacks targeting taxpayer accounts impacted a much larger number of victims than previously thought.
In comparison to the agency's previous report in May, more than twice as many taxpayer accounts were compromised by identity thieves. According to the IRS, hackers gained access to as many as 330,000 accounts and attempted to break into an additional 280,000. In total, 610,000 Americans were impacted.
These figures are significantly higher than initial reports, which indicated that criminals accessed roughly 225,000 households' tax return information.
Hackers were able to pass through security screens that required individuals' Social Security numbers, dates of birth, tax filing status and street addresses. The process also required users to answer personal security questions. As a result, the IRS is led to believe that these hackers had access to such specific information by aggregating personal data from multiple sources.
The IRS said they are moving quickly to notify those affected.
The breach stems back to the IRS' online application called "Get Transcript," which allows taxpayers to obtain tax return information from the year before. As soon as the IRS was aware of the hacking, the agency took the tool offline.
These new findings are expected to raise concerns over the agency's ability to both protect and notify affected individuals of potential fraud and identity-theft risks.
“Today's revelation that the IRS didn't fully understand this security breach for months is not confidence-inspiring,” Rep. Peter Roskam (R., Ill.), chairman of the House Ways and Means subcommittee that oversees the IRS, told the Wall Street Journal.
The IRS said in a statement published in the Wall Street Journal, “The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for 'Get Transcript,' including by enhancing taxpayer-identity authentication protocols."
The IRS believes the cyber thieves have been targeting its web site since February. Although potential sources behind the breach have not been identified, the agency reported back in May that they believe identity thieves that are part of a criminal operation based in Russia as well as other countries could be involved.
The "Get Transcript" online tool is still not back up, and there have been no plans yet for it to relaunch online.
Of course, this isn't the first time the IRS has been targeted by criminals. In 2013, alone, the IRS estimates that it paid out $5.8 billion in fraudulent refunds to identity thieves.
In addition to notifying affected individuals, the IRS plans to offer free credit protection and special identification numbers to help curtail tax-refund fraud in the future.