IRS hack was worse than initially thought

The Internal Revenue Service now says more than 320,000 taxpayer accounts were compromised over the course of nearly eight months.

The IRS hack was much worse than initially reported. (iStockphoto)

The taxpayer information breach at the IRS was much larger than initially reported in May, according to a report in the Wall Street Journal.

An additional 220,000 taxpayers had their information accessed via the IRS’ “Get Transcript” application, including Social Security numbers, dates of birth, tax filing statuses and street addresses. This is on top of the 100,000 accounts initially reported in May, tripling the grand total to 320,000.

The hack also started sooner than originally thought, with thieves attempting to access taxpayer data as early as November 2014. Originally, the IRS said hackers started entering the system in February.


In May, IRS Commissioner John Koskinen said a lot of the data that was used to bypass the “Get Transcript” process was already available through social media accounts, which criminals mine for information they can use for their operations. The criminals keep that information in databases and run scripts that will fill in fields until they match a correct answer for security questions, such as a high school mascot or a pet’s name.

The agency said it is notifying the newly uncovered victims, offering them free credit monitoring services.

Overall, hackers attempted to breach 600,000 accounts through “Get Transcript.”

The lack of cybersecurity resources at the IRS has the attention of the White House. In an updated fact sheet released last week, the White House’s Office of Management and Budget is looking to give the IRS $242 million to protect taxpayer information, a 72 percent increase over 2015. That number pales in comparison to the $5 billion the IRS loses to identity fraud via fraudulent tax returns.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts