The Washington Post

IRS says breach of taxpayer data far more widespread than it first thought: 610,000 taxpayers at risk

An attack by hackers who stole sensitive personal information from thousands of taxpayers was far more widespread than the Internal Revenue Service first disclosed, officials said Monday as they released new estimates that 610,000 Americans were affected.

The revelation more than doubles the number of estimated victims of the breach. The hackers were able to clear security screens requiring the person’s Social Security number, date of birth, tax filing status and street address, officials said.

The IRS reported in May that the cybercriminals had used stolen Social Security numbers and information they got elsewhere to try to gain access to old tax return information for about 225,000 households. That included about 114,000 successful attempts and 111,000 unsuccessful ones.

On Monday, the agency said an “extensive review” of the 2015 filing season uncovered a far wider breach — an additional 390,000 affected taxpayers, including about 220,000 additional households “where there were instances of possible or potential access” to prior-year return data, the IRS said in a statement. The new numbers also include about 170,000 additional “suspected attempts that failed to clear the authentication processes,” meaning the hackers failed to clear a security screen that required them to know more information about the taxpayer.

“The IRS is moving immediately to notify and help protect these taxpayers,” the agency said. “The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for ‘Get Transcript,’ including by enhancing taxpayer-identity authentication protocols.”

“Get Transcript” is the online service the IRS uses to give Americans access to their past tax returns. The hackers used the service as their entry point, using questionable e-mail domains. IRS officials said the cybertheft was part of a sophisticated scheme to get as much information as possible about the taxpayers, then use stolen identities to claim fraudulent tax refunds.

In all, the thieves used personal information from about 610,000 taxpayers in an effort to gain access to old tax returns.

Officials said they are notifying all potential victims and offering them free credit-monitoring services. The agency also is offering to enroll potential victims in a program that assigns them a special ID number that they must use to file their tax returns.

The IRS believes the thieves started targeting the Web site in February. On Monday, officials did not identify a potential source of the crime. But in May, they said they believe the identity thieves are part of a sophisticated criminal operation based in Russia.

The “Get Transcript” Web site was shut down in May and is still not back up.

About 23 million transcripts of past tax returns are legitimately downloaded each filing season, officials said.

The IRS has since added safeguards to prevent similar schemes, but Commissioner John Koskinen has said repeatedly that it is hard for the agency to stay ahead of the criminals. The IRS estimates it paid out $5.8 billion in fraudulent refunds to identity thieves in 2013.
