A breach of taxpayers’ information at the Internal Revenue Service was bigger than initially disclosed, the agency said Monday.
Hackers gained access to the information of as many as 220,000 more people than the 104,000 accounts that IRS Commissioner John Koskinen said in June may have been compromised.
The IRS said it is mailing 220,000 letters notifying people that their information may be compromised. It said that it would also offer free credit protection and Identity Protection PINs to the victims.
The revelation Monday is the result of an IRS review of an earlier incident in the spring, when hackers were able to get access to taxpayer information through an application on the IRS website. The thieves were able to clear the site’s security measures, the agency said, because they already had access to taxpayer data from non-IRS sources.
The stolen data could be used to file fraudulent tax returns in the 2016 filing season, the IRS warned. Earlier, it estimated that it may have wrongly paid out as much as $39 million in refunds because of the breach.
The IRS paid out $5.8 billion in fraudulent refunds in 2013, according to the Associated Press.
Both the Treasury inspector general for tax administration and IRS Criminal Investigation are continuing to review the theft.
In June, the agency announced that it would implement new safeguards against identify theft and fraudulent refund claims, beginning this summer.
