The IRS and its watchdog said Tuesday that the thieves who stole the personal information of 104,000 taxpayers are operating a worldwide criminal syndicate that originates not just in Russia but in many other countries.

“It’s beyond Russia,” J. Russell George, the Treasury Inspector General for Tax Administration, told the Senate Finance Committee at a hearing on the data breach. “The domain names originated in other nations, too. This is coming from several different countries that are syndicated around the world.”

Media reports last week had said the hackers, who used information stolen from previous breaches to complete a complex authentication process and request tax returns and other filings, were located in Russia.

“They cross geographic boundaries and cooperate when it’s in their interest,” Commissioner John Koskinen said of the criminals.

Since the breach is under criminal investigation, George and Koskinen said they could not publicly name the other countries.

“You could be in Florida and be using a router or server and working with a different country on the other side of world,” George said. “There was a report that this was solely from Russia, and that is not accurate.”