Skip Tags

Popular Tags

Decorative icon

The Resource Center Identity Theft & Protection The Resource Center Online Security Issues & Protection The Resource Center | article

IRS Reveals Tripled Estimate of Data Breach Victims

A more thorough analysis of this year's IRS data breach reveals that the victim count may be even worse than originally believed.While the Internal Revenue Service (IRS) has, in recent years, stepped up its game to combat the growing threat of identity theft and curb the rate of tax fraud, the agency is still struggling to catch up to cyber criminals. Each year, fraudulently filed tax returns account for billions of dollars stolen from well-deserving American tax payers. A few months ago, the IRS incurred another major setback in its identity protection efforts when it reported that one of its databases had been compromised by hackers. In May, its official statement on the situation indicated that tax returns belonging to as many as 100,000 households may have been taken in the data breach. A more thorough analysis of the incident now reveals that the victim count may be even worse than originally believed.

On August 17, The Wall Street Journal reported that in addition to the 100,000 known victims, another 390,000 taxpayers may have been further compromised in the data breach. The IRS confirmed that figure, stating that “there were instances of possible or potential access” to tax returns for 220,000 additional households. Another 170,000 similar cases had also cropped up, though the agency tempered that figure by saying “these suspected attempts had failed to clear the authentication process.” But even ignoring that last estimate, the tally for tax fraud and potential ID theft victims now stands at roughly 320,000, more than triple the total that the IRS had disclosed three months ago.

“The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for ‘Get Transcript,’ including by enhancing taxpayer-identity authentication protocols,” the agency said in an official statement.

According to, the hackers involved were able to bypass a security checkpoint in Get Transcript — the web portal that allows tax filers to see their returns from past years — that requires the user to submit specific personal information, like birth dates and Social Security numbers. The IRS had previously come under fire from Congress in June, when Treasury Inspector General J. Russell George testified that the agency had failed to implement computer security updates prior to the data breach.

“I can say it would have been much more difficult [for the hackers to succeed] had [the IRS] implemented all of the [security] recommendations that we made,” said George.

Although IRS Commissioner John Koskinen denied that these updates would have made much difference, he did confirm that identity thieves have since claimed $39 million in fraudulent tax returns by using personal information stolen from the agency’s database.

Situations like these can be discouraging reminders that no matter what efforts you take to protect your identity, there will always be the risk that someone with your information and isn’t taking the same precautions can leave you vulnerable all the same. But while there’s nothing you can do about personal information out of your hands, you can still take measures to ensure another party’s mistakes or unsecured websites don’t expose you to identity theft. Sign up for a credit monitoring services today to receive alerts whenever activity that may be signs of fraud emerges on your credit accounts.