WASHINGTON — The Internal Revenue Service says the cyberattack on the agency, originally disclosed in May, is much bigger than originally believed.
The IRS now says an additional 220,000 individuals had information stolen from an IRS website three months ago as part of a scheme to use stolen identities to claim fraudulent tax refunds, the Associated Press reported. The total number of potential victims is now 334,000.
The IRS also stated that the breach began in November, not February, as the IRS initially stated.
The AP reported that thieves accessed a system called "Get Transcript," where taxpayers can get tax returns and other filings from previous years. In order to access the information, the thieves cleared a security screen that required knowledge about the taxpayer, including federal pension identification number, date of birth, tax filing status and street address.
The IRS stated that the thieves were accessing its website to get even more information about the taxpayers—using personal information from about 610,000 taxpayers—which could help them claim fraudulent tax refunds in the future, the AP reported.