Criminals may have hacked into more sensitive taxpayer information than previously thought through the Internal Revenue Service website, the agency announced Friday.
An investigation conducted by the agency’s inspector general found that 390,000 additional taxpayer accounts may have been compromised by hackers, the IRS said, on top of the 334,000 it had disclosed, totaling 724,000 accounts.
The inspector general discovered the potential breaches while performing a review of which taxpayers might have had their information accessed between when the faulty application went up on the IRS site in January 2014 and when the breach was first reported in May.
Another 295,000 taxpayers had their information targeted, but the hackers were not able to access their information, the IRS said.
The agency next week is mailing the taxpayers affected to let them know that they may be victims of identity theft and to give them options for improving their security.
“We are moving quickly to help these taxpayers,” IRS Commissioner John Koskinen said.
Friday’s report is the second time that the IRS has disclosed that the breach was bigger than thought. In August, the IRS announced that 220,000 taxpayers’ transcripts may have been accessed, in addition to the 114,000 first reported.
Lawmakers have criticized the IRS and Koskinen for the breach, which came as the agency was under scrutiny from Republicans in particular for targeting conservative political nonprofits for heightened scrutiny.
