The IRS says more taxpayers than it originally believed had their data stolen by hackers. The agency now says the total is more than 300,000.
In May, when it first revealed the breach, the IRS reported some 114,000 taxpayers’ data was stolen. But in what the IRS is calling a “deeper analysis” of the breach, it identified an additional 220,000 cases where hackers got access to taxpayer records. The agency says hackers tried, but failed to access the data of some 280,000 more taxpayers.
The hackers got into the accounts by clicking a link on the IRS website called Get Transcripts. The link allowed taxpayers to get copies of their own back tax returns to use, for example, in applying for loans.
The hackers, who the IRS believes may have been part of an organized crime syndicate possibly based in Russia, were sophisticated.
The IRS says accessing the data meant clearing a multi-step authentication process. So they not only needed a taxpayer’s personal information such as date of birth, Social Security number and address, but also the answers to so-called security questions, like knowing a taxpayer’s high school mascot. The IRS says hackers have accumulated vast amounts of data from social media sources such as Facebook.
The IRS believes that by stealing previous years’ tax returns, hackers can better prepare fraudulent returns and collect “refunds” in the next tax year.
The IRS says it will begin mailing letters in the next few days to the taxpayers whose accounts may have been accessed and is offering a special pin number to verify the authenticity of one’s return. The IRS has since shut down the link.