IRS: Taxpayer breach much larger than previously reported

The Internal Revenue Service (IRS) revealed Friday that last year’s data breach was larger than previously reported, saying that hundreds of thousands of additional taxpayers saw their sensitive information compromised.

This is the second time that the agency has revised its original estimate of the size of the breach.

ADVERTISEMENT
This latest review has found that cyber thieves gained “potential access” to around 390,000 taxpayer accounts from January 2014 through May 2015. The attackers targeted an additional 295,000 taxpayer transcripts but were blocked.

When the breach was discovered last May, the agency estimated that the thieves were successful in getting access to 114,000 sets of taxpayer information and were blocked another 111,000 times.

Then, in August, it upped its estimates to 220,000 stolen records and 170,000 unsuccessful attempts.

The thieves were able to break in through the IRS's "Get Transcript" system, which houses previous tax returns and other sensitive information. The agency shut down the system in May.

Officials also believe the breach was part of a broader scheme to steal refunds during next year's filing season.

The IRS is notifying taxpayers whose information was compromised and offering free credit monitoring, as well as other protections.

The fallout from the incident has long been the source of outrage on Capitol Hill, where House Oversight Chairman Jason ChaffetzJason Chaffetz41 Secret Service employees disciplined after Chaffetz leak Overnight Cybersecurity: Guccifer plea deal raises questions in Clinton probe Lawmakers: Social Security vulnerable to hackers MORE (R-Utah) has repeatedly called for IRS Commissioner John Koskinen to be fired.

“I have zero confidence, zero, in IRS Commissioner John Koskinen,” he said earlier this month.