Media reports last week had said the hackers, who used information stolen from previous breaches to complete a complex authentication process and request tax returns and other filings, were located in Russia.
“They cross geographic boundaries and cooperate when it’s in their interest,” Commissioner John Koskinen said of the criminals.
Since the breach is under criminal investigation, George and Koskinen said they could not publicly name the other countries.
“You could be in Florida and be using a router or server and working with a different country on the other side of world,” George said. “There was a report that this was solely from Russia, and that is not accurate.”