An IRS breach in which thieves stole tax information from thousands of taxpayers is much bigger than the agency originally disclosed. An additional 220,000 potential victims had information stolen from an IRS website as part of a sophisticated scheme to use stolen identities to claim fraudulent tax refunds, the IRS said today. The revelation more than doubles the total number of potential victims, to 334,000. The tax agency first disclosed the breach in May. The thieves accessed a system called "Get Transcript," where taxpayers can get tax returns and other filings from previous years. In order to access the information, thieves cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status and street address.
The IRS believes the thieves were accessing the IRS website to get even more information about the taxpayers, which could help them claim fraudulent tax refunds in the future. "The IRS is moving aggressively to protect taxpayers whose account information may have been accessed," the IRS said in a statement. "The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to 'Get Transcript' taxpayer account information." In all, thieves used personal information from about 610,000 taxpayers in an effort to access old tax returns. They were successful in getting information from about 334,000 taxpayers. The IRS is notifying all potential victims and offering free credit monitoring services as well as a program that assigns them a special ID number that they must use to file their tax returns. (Read more IRS stories.)