After a nine-month long investigation of an IRS cyber-attack, the tax agency has found that cybercriminals in a 2015 data breach attempted to access about 390,000 more taxpayer accounts than first predicted. Originally, the IRS announced tax return information of 114,000 U.S. taxpayers, then was breached with another 111,000 failed attempts. In August, a further investigation revealed that the number of compromised accounts could be as high as 334,000. On Friday, February26, the number was raised by an additional 390,000 accounts, totaling the number to more than 700,000 potential breached tax return accounts.
The cybercriminals gained access of this personal tax information through the IRS’s “Get Transcript” online application, which uses information from previous tax returns. Since the incident was discovered in May, the application has been offline. In response to the attack, IRS Commissioner John Koskinen said the agency will “mail notifications and assistance offers to taxpayers whose accounts showed signs of suspicious access.” Those affected will also be given a free Equifax identity theft protection product for one year. “The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” said Koskinen. What’s more, the IRS has also recently discovered a phishing scheme where cybercriminals ask for confidential employee information such as W-2 forms, Social Security numbers, date of birth and salary while posing as company executives. The IRS warns payroll and human resources departments to beware of such phishing schemes.