A breach of the US Internal Revenue Service system that was reported in May may have have grossly under-reported. At the time, it was estimated that tax records of over 100,000 Americans may have been exposed, but the number may be closer to 334,000 today.
An additional 220,000 potential victims may have had their records accessed or stolen as part of the computer breach, the agency said Monday. The IRS will mail out letters to the 220,000 newly identified victims who are now affected by the breach.
To protect their identity, the IRS will provide free credit monitoring services to the victim, and the agency will assign them a special ID for use when they file their tax returns.
Laxed security the culprit
It's believed that the the IRS network was not hacked, but that thieves were able to access victims' records without authorization as early as February due to laxed security protocols.
Using the IRS "Get Transcript" system, the thieves were able to enter the network by providing the victim's' information, which presumably was obtained from a different source. With knowledge of the victim's' name, social security number, address and other identifiable information, the thieves obtained old tax filings.
The agency believes that thieves attempted to access the records of approximately 610,000 taxpayers, but were only successful in retrieving information from 334,000. When the IRS discovered
The records, security experts believe, could help thieves file fraudulent tax returns in the future. It's estimated that the IRS paid $5.8 billion in fraudulent tax refunds to identity thieves in 2013 alone.