The IRS said in late May the tax return information of about 114,000 US taxpayers had been illegally accessed by cyber criminals over the preceding four months, with another 111,000 unsuccessful attempts made.
However a new review has found an additional 220,000 incidents where data was breached. There were also another 170,000 suspected failed attempts by third parties to gain access to taxpayer data.
The attackers wanted personal tax information through the agency’s “Get Transcript” online application, which allowed taxpayers to call up information from previous returns. The system was shut down.
“The IRS believes some of this information may have been gathered for potentially filing fraudulent tax returns during the upcoming 2016 filing season,” the agency said in a statement.
The taxman will soon begin mailing letters in the next few days to the taxpayers whose accounts may have been accessed, offering them free credit monitoring and a new personal identification number to verify the authenticity of next year’s tax returns.
In May, the agency said that as a result of the breach, some 15,000 fraudulent returns were processed in the 2015 tax filing season, likely resulting in refunds of less than $50 million.