The IRS revealed today that approximately 220,000 more taxpayers than it had previously announced were affected by a breach in its “Get Transcript” Web app.
The breach, which was announced in May (see
As a result of that review, the IRS will be sending letters to about 220,000 taxpayers where there were instances of possible or potential access to “Get Transcript” taxpayer account information. It will also be mailing letters to a further 170,000 households whose personal information could be a risk.
In a statement released today, the IRS noted that it was moving “aggressively” to protect those affected, including offering free credit protection and ID protection PINs.
“The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security,” the statement said.
The criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on the tax accounts through the Get Transcript application. The data included Social Security information, birth dates and street addresses.
Third parties gained enough information from outside sources before trying to access the IRS site, allowing them to clear a multi-step authentication process, including several personal