Back in May of this year, the Internal Revenue Service reported that their system had been hacked to expose the personal information of more than 100,000 people. The cyber attack seemed to be the start of more personalized attacks, and set many people on edge.
However, the IRS now says the number they reported was false, and that the number of people affected is closer to 300,000. The hackers gained access to the tax returns of those affected.
The agency says that they will be sending out more than 220,000 letters to those affected, letting those taxpayers know that their refunds were likely seen by the hackers. The warning will allow those affected to watch their personal finances more carefully over the next couple of years, to ensure that their identity was not stolen and/or their tax returns are not tampered with.
When the original report was released, the IRS said that the hackers had used stolen data to get into their system. They were then able to view 114,000 tax returns using software called “Get Transcript,” which was previously used for taxpayers to access their tax returns from previous years.
The IRS also said that the hackers were using and had access to personal information such as Social Security numbers, birth dates, and street addresses. This allowed them to get through the authentication process. They used the information to file fake returns in order to gain almost $50 million in refunds, which could be detrimental in the coming years for the personal finances of those affected.
In addition to the 300,000 known to be affected, the agency will contact 170,000 other taxpayers whose accounts the hackers attempted to gain access to, but failed to actually do so. Tax returns are already difficult for many, as 40% of those who believe they owe taxes are unprepared to pay up. The hacks could affect those people’s personal finance issues even more now.
“We have seen the number of clients that have a fraudulent tax return filed using their social security number increase substantially each tax season,” says Christina Klein, CPA, Klein Hall CPAs. “Only one tax return can be filed each year per social security number. Therefore, if you file your tax return earlier in the season rather than at the end no one else will be able to use your social security number to file a fraudulent return.”
Perhaps the most worrying thing of this situation is the emergence of a pattern in federal agencies. When something like this happens, they report one number initially, only to backtrack months later and say that there were many more affected than they originally thought.
“Following an incident involving the IRS’s ‘Get Transcript’ web application discovered in May, the IRS conducted an extensive review covering the 2015 filing season to assess whether other suspicious activity occurred,” the agency said.
“Following this review,” its statement continued, “the IRS has identified more questionable attempts to obtain transcripts using sensitive information already in the hands of criminals. As a result, the IRS is moving immediately to notify and help protect these taxpayers.”
The agency also said it would take “a wide variety” of steps, such as offering free credit protection.