A sign outside the Internal Revenue Service is seen August 8, 2015 in Washington, DC.
KAREN BLEIER—AFP/Getty Images

The U.S. Internal Revenue Service (IRS) said Monday a hacking attack into one of its computer databases revealed in May was much more extensive than previously thought, with nearly three times as many taxpayers hit by data theft.

The IRS said in late May the tax return information of about 114,000 U.S. taxpayers had been illegally accessed by cyber criminals over the preceding four months, with another 111,000 unsuccessful attempts made.

A new review has identified 220,000 additional incidents where data was breached, the tax collection agency said. It identified another 170,000 suspected failed attempts by third parties to gain access to taxpayer data.

The attackers sought to gain access to personal tax information through the agency’s “Get Transcript” online application, which allowed taxpayers to call up information from previous returns. The system was shut down after the May attacks.

“The IRS believes some of this information may have been gathered for potentially filing fraudulent tax returns during the upcoming 2016 filing season,” the agency said in a statement.

What Should I Do If I Have Been a Victim of a Data Breach?

It added that it will soon begin mailing letters in the next few days to the taxpayers whose accounts may have been accessed, offering them free credit monitoring and a new personal identification number to verify the authenticity of next year’s tax returns.

In May, the agency said that as a result of the breach, some 15,000 fraudulent returns were processed in the 2015 tax filing season, likely resulting in refunds of less than $50 million.

An IRS official said the agency was reviewing whether the number of fraudulent returns had grown due to the more extensive data breaches, but that requires a manual review of the individual returns.

Read next: What Should I Do If I Have Been the Victim of Identity Theft?

You May Like

EDIT POST