IRS: Thieves May Have Stolen Info From 220,000 Additional Tax Accounts

PHOTO: The Internal Revenue Service building in Washington, is shown in this March 22, 2013 photo.Susan Walsh/AP Photo
The Internal Revenue Service building in Washington, is shown in this March 22, 2013 photo.

The number of accounts thought to have been compromised in an IRS data breach earlier this year has tripled, the IRS said today.

The IRS revealed in May that thieves accessed 114,000 tax accounts through the IRS "Get Transcript" application, a program to acquire information about your tax returns. Today, the IRS said a recent review revealed thieves may have had access to approximately 220,000 additional tax accounts, bringing the total number of victims up to 334,000 -- three times the original amount.

The "Get Transcript" program requires personal information, like names, date of birth, and Social Security numbers, to access the system, meaning the hackers previously obtained that private information. The IRS believes the breach began in February and aimed to gather information for thieves to use to file fraudulent tax returns in the next filing season.

The breach was discovered in May, and the IRS informed the 114,000 individuals whose tax accounts were compromised. The IRS also shut down the "Get Transcript" program in May.

The IRS said it will mail letters to the taxpayers whose accounts may have been accessed and will provide free credit monitoring services. The review also identified an additional 170,000 suspected failed attempts to access the application.

"The IRS is moving aggressively to protect taxpayers whose account information may have been accessed," the IRS said in a statement.

The IRS data breach further highlights the growing threat posed by hackers. Earlier this month, the Pentagon said portions of the Joint Chiefs of Staff's unclassified email system may have been affected by a cyber attack. Last month, the Office of Personnel Management revealed 22 million people had their information compromised in a hacking attack.