A sophisticated computer hacking operation in Russia got access to thousands more U.S. taxpayer files than originally thought, U.S. tax investigators have disclosed.
Sensitive tax information was stolen from an additional 220,000 people off an Internal Revenue Service website with the goal of using the stolen identities to claim fraudulent tax refunds, the IRS said.
The revelation more than doubles the number of victims to 334,000. The tax agency first disclosed the breach in May.
The thieves went through a system called Get Transcript, where taxpayers can get tax filings from previous years. To access the site, the thieves first cleared a security screen that required knowledge about the taxpayer, including Social Security number, date of birth, tax filing status, and street address, the IRS said.
Armed with that critical personal information, the IRS believes the thieves intended to get even more sensitive information that could help them reap profits from fraudulent refund claims.
While not saying how much money was lost in the latest scheme, the IRS has said it paid out $5.8 billion in fraudulent refunds to identity thieves in 2013.