With the IRS now saying thieves actually breached 334,000 taxpayer accounts, not 100,000 as the agency stated in May, more people have growing concerns about their financial information potentially being compromised.
The Internal Revenue Service announced the new figure Monday, saying that it's unclear whether information was actually stolen from each person. Everyone whose account was hacked will receive a letter from the IRS in the coming days.
In its statement Monday, the IRS urged taxpayers to take advantage of its offer to provide free credit protection and identity-protection PINs, noting that next year's tax returns also could be targeted by these cyber-criminals.
Advertisement
“The IRS believes some of this information may have been gathered for potentially filing fraudulent tax returns during the upcoming 2016 filing season, so anyone receiving a letter should take steps to protect themselves,” the IRS statement said.
(More: Know the cyberrisks to thwart them)
Neal Frankle, founder of Wealth Resources Group in Los Angeles, said an IRS account hack is more significant than having information stolen through a corporate breach because of the depth of financial records that could be accessed.
“You couldn't really do worse than having someone get your tax information, unless maybe someone hacked into your credit bureau record,” he said.
Anyone who is particularly nervous about having their identity stolen should do a credit freeze, as long as they won't be applying for a mortgage, car loan or other credit anytime soon, Mr. Doster said.
With a credit freeze, each time someone needs to make a large purchase or get a loan, they have to contact the major credit agencies and ask for a “thaw” for a certain period of time.
Mr. Doster said he plans to freeze his own credit so he can gain first-hand experience of that process and guide any clients who decide to take that route. While he hasn't had his own identity stolen, Mr. Doster has had thieves use his credit card and has received letters like those the IRS is preparing to send out.
“There's so many companies that are getting hacked, there's nothing that will 100% stop client data from being stolen,” Mr. Doster said. “The only way to help the situation is to close down your credit.”
(More: An identity thief breaks down the art of emptying your bank account)
The Federal Trade Commission, in an unrelated case of hacking involving 350,000 Morgan Stanley accounts, found earlier this month that a computer glitch was to blame for allowing a former employee to gain access to client data, not the firm's procedures.
The IRS hackers accessed accounts from the 2015 tax-filing season, and the information that they may have retrieved includes Social Security data, dates of birth and street addresses, the agency said.
(More: How to manage the multitude of passwords)
The cyber-criminals used personal information about taxpayers that they acquired from other sources to answer personal account authorization questions online and gain access to the taxpayers' accounts via the IRS Get Transcript application, which was shut off in May.
The hackers, who have not been identified, attempted to break into another 281,000 taxpayer accounts, but they failed to get through the authentication process. Those taxpayers also will receive a warning letter from the IRS.
(More: Why even the wealthiest people need to keep up with their credit reports)