The US Internal Revenue Service (IRS) admitted Monday that the May scam in which criminals tried to use stolen data on more than 114,000 people to collect tax information was far larger than it originally thought.
Uncle Sam's taxman now claims that on top of the 100,000 or so people whose data had been used to collect tax transcripts, an additional 220,000 Americans also had part or all of their tax records accessed via the IRS Get Transcript site.
The attack, first reported in May, involved a group of criminals using a cache of harvested personal information gathered from other sources to ask the IRS for a person's tax transcript record, a collection of documents that could include everything from tax forms to payroll documents.
In order to obtain a tax transcript, the applicant would need to know the person's social security number, date of birth, street address, tax filing status, and personal verification questions the IRS says are "typically are only known by the taxpayer."
Get Transcript has been shut down since May, when the scam was first uncovered.
In addition to the requests that resulted in records access, investigators logged an additional 170,000 unsuccessful attempts to receive a transcript using plundered personal data.
"The IRS will begin mailing letters in the next few days to the taxpayers whose accounts may have been accessed," the agency said in its notice.
"Given the uncertainty in many of these cases – where a tax return was filed before the Get Transcript access occurred for example – the IRS notices will advise taxpayers that they can disregard the letter if they were actually the ones seeking a copy of their tax return information."
With the plundered documents in hand, the criminals are believed to be intending to file bogus tax returns for the 2016 filing period and pocket the refund.
The IRS said that all people impacted by the attack (anyone receiving a letter) will be able to receive free identity theft protection and will also be given a unique PIN to use when filing their tax returns next year. ®
Sponsored: Ransomware has gone nuclear