Another 390,000 taxpayer accounts have been identified as potentially accessed by thieves that hacked into the IRS’s “Get Transcript” online application, the IRS said Friday, bringing the total number of accounts affected to approximately 724,000.
The breach was discovered last May, when the IRS initially identified possible unauthorized access of about 114,000 taxpayer accounts. Then, last August, the IRS revised that figure to 334,000. The application on the IRS website, launched in January 2014, was intended to allow taxpayers to more easily obtain records of their prior tax filings. It has remained suspended since the data breach was first discovered.
Friday’s revelation of the additional accounts potentially breached was the result of a nine-month investigation by the Treasury Inspector General for Tax Administration. In addition, the investigation revealed hackers had targeted another 295,000 taxpayer transcripts but failed to gain access to them.
As in the previous discoveries, the IRS said it will notify taxpayers whose accounts may have been accessed, allowing them to request identity protection personal identification numbers for more secure tax filings, offering free credit report fraud monitoring for a year, and more closely scrutinizing returns with those Social Security numbers.
The latest revelation also comes just days after the IRS also revealed that it had discovered and stopped an attempted attack on its e-filing personal identification number (PIN) system in January. No personal taxpayer data were compromised in that attempted breach, the IRS said.
—Paul Bonner (firstname.lastname@example.org) is a JofA senior editor.