The Internal Revenue Service said Friday that last year’s attack by hackers involving the agency’s “Get Transcript” online application potentially exposed data belonging to 700,000 taxpayer accounts.
That’s more than twice the number of accounts than the IRS has previously said were possibly affected by hackers. In August, the IRS said 334,000 accounts were involved. Friday’s estimate added an additional 390,000 accounts, boosting the estimated total to more than 700,000.
The hack attack was discovered last May. The Treasury Inspector General for Tax Administration conducted a nine-month long investigation looking back to the launch of the application in January 2014 for additional suspicious activity, the IRS said Friday.
“This expanded review has identified additional suspicious attempts to access taxpayer accounts using sensitive information already in the hands of criminals,” the agency said in a statement.
The IRS said it is “moving immediately to notify and help protect these taxpayers.” Free identity theft protection services will be offered, as well as special “Identity Protection PINs.”
Mailings to these taxpayers will start February 29. The “Get Transcript” web application has been offline since this incident was discovered in May 2015.
“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”
On May 26, 2015, the IRS announced it had discovered that criminals, using taxpayer information stolen elsewhere, had been able to pass procedures to access the Get Transcript application on IRS.gov.