The Internal Revenue Service said Monday that a hack of its computer databases was far more extensive than previously believed, with more than 300,000 taxpayer accounts now possibly affected by identify thieves.
The IRS said in May that cyber thieves used stolen Social Security numbers and other data to try to gain access to prior-year tax return data for about 225,000 U.S. households, which included 114,000 successful attempts.
But on Monday, the agency said that an additional 390,000 households were targeted, including about 220,000 “where there were instances of possible or potential access” to prior-year return data, the Wall Street Journal reports. There were also some 170,000 additional instances of “suspected attempts that failed to clear the authentication processes,” the IRS added.
The IRS said it would move quickly to notify targeted taxpayers, as well as offer free credit protection. In order to successfully gain access to taxpayers' information, hackers must pass a multistep process that includes intimate knowledge of the taxpayer, including Social Security numbers, date of birth, tax filing status and street address, as well as answer personal questions such as “What was your high school mascot?”
The IRS said Monday it is expanding its security measures for its 'Get Transcript' option, the feature which allows taxpayers to access their tax returns. “The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for `Get Transcript,’ including by enhancing taxpayer-identity authentication protocols,” the IRS said.