The Internal Revenue Service said Friday that more than twice as many taxpayer accounts may have been hit by cybercriminals than the agency previously reported, with hackers gaining access to as many as 700,000 accounts and attempting to break into an additional 575,000.
The disclosure is the second revision by the IRS in the last six months. Last August it said cybercrooks used stolen Social Security numbers and other data to gain access to taxpayer information for as many as 330,000 accounts, up from a number of 114,000 announced in May 2015.
The hackers targeted "Get Transcript," an IRS application that allowed taxpayers to obtain tax return information for prior years, but not the main IRS database. Thieves who want to claim fraudulent refunds prize such information because they can use it to make false returns harder for state and federal antifraud filters to detect.
An IRS official said the newly revised numbers reflect the findings of an audit by the Treasury Inspector General for Tax Administration, which is an agency watchdog. It expanded the time period of the inquiry so that it began January 2014, when the Get Transcript application was first launched. A spokeswoman for TIGTA expects the audit be published in April or May.
In a statement, the IRS said that it is "moving aggressively" to protect the additional taxpayers from tax identify theft. It is notifying by mail both the taxpayers whose accounts may have been accessed and those whose transcripts were targeted but not accessed. The mailings will begin on Feb. 29.
Taxpayers with accounts that may have been accessed can request a special personal identification number, or PIN, for filing their returns. The IRS is also offering them a free Equifax ID theft-protection product for one year and encouraging them to place a "fraud alert" on their credit accounts.
The IRS also said the agency is sharing information about these incidents with state tax authorities as part of the Security Summit effort.
By Laura Saunders