IRS Admits Breach May Have Compromised Over 300,000 Taxpayer Accounts

John Koskinen
IRS Commissioner John Koskinen / AP
August 17, 2015

The Internal Revenue Service admitted Monday that an additional 220,000 taxpayer accounts were potentially compromised by a computer database breach that occurred earlier this year, bringing the total of those affected to almost three times its original estimate.

According to the Wall Street Journalthe government agency said a review turned up 220,000 additional U.S. households "where there were instances of possible or potential access" to prior year tax returns and 170,000 instances of "suspected attempts that failed to clear the authentication processes."

The IRS originally claimed that 114,000 taxpayer accounts were compromised in the breach in addition to 111,000 unsuccessful attempts.

The announcement Monday indicates that the number of those that had information stolen now stands at 334,000, nearly three times the IRS’ original estimate of 114,000.

Hackers between February and the middle of May used stolen Social Security numbers and other personal data to breach IRS accounts and obtain tax return information from prior years.

The computer breaches occurred in an online service called "Get Transcript," an application that helps taxpayers get their return information from prior years. It has since been shut down.

The IRS plans to notify the taxpayers potentially affected as soon as possible and provide them with support, such as free credit protection.

"The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for ‘Get Transcript,’ including by enhancing taxpayer-identity authentication protocols," the agency explained.

The news comes just over a month after the Office of Personnel Management admitted that Chinese-origin cyber attacks on its computer networks compromised the personal data of 22.1 million Americans.

Moreover, defense officials said earlier this month that Russia launched a "sophisticated cyber attack" on the Pentagon’s unclassified email system used by the Joint Chiefs of Staff at the end of July. The breach affected approximately 4,000 military and civilian employees, including Chairman Gen. Martin Dempsey.

Published under: Cyber Security , IRS