Softpedia >News >Security >Data Breaches
Softpedia Homepage   

IRS: Remember That 100,000 Taxpayers Data Breach? It Was Actually 700,000

IRS officials concludes May 2015 data breach investigation

Feb 27, 2016 22:42 GMT  ·  By
IRS announces that May 2015 data breach was far worse than initially thought
   IRS announces that May 2015 data breach was far worse than initially thought

The US Internal Revenue Service (IRS) has announced that the data breach from last May was actually seven times larger than initially estimated and that the service has taken all the necessary steps to inform all affected individuals.

At the end of May 2015, the IRS announced on its website that crooks managed to access the accounts of around 100,000 US citizens through the Get Transcript service, an official IRS application for viewing and downloading tax transcripts.

The IRS discovered that crooks used details from breaches at other companies to log into the accounts of many US citizens to file fraudulent tax return reports and cash in the money.

At that time, officials said that crooks started accessing accounts since January 2015, up to May, when the breach was discovered.

Initial estimates were way off

After their initial investigation, an IRS spokesperson clarified that crooks accessed the accounts of 114,000 taxpayers, and also targeted, but failed to access another 111,000 accounts.

Later in August, as the investigation continued, this number was modified to 220,000 taxpayers that had their accounts accessed and another 170,000 accounts with failed login attempts.

Now, to top all estimates, the IRS has come out and said that after completing their investigation, which went back to January 2014, when the Get Transcript service was launched, these numbers are even much higher than previously expected.

According to an IRS statement, crooks managed to access 390,000 accounts, and, in addition, failed to log into another 295,000 accounts.

The IRS has started to send notification letters to all these persons, and will be providing a free year of credit monitoring services via Equifax.

At the start of this month, the IRS reported another similar incident. In this attack crooks tried to use data acquired from other breaches to generate E-filing PINs for 464,000 US taxpayers. The IRS mentioned that this was an automated attack, which they've detected, but not before crooks generated 101,000 E-filing PINs.