The agency underestimated the number of taxpayers affected.
The IRS announced Monday that a hack to its website that occurred in May is much worse than it initially thought.
Hackers accessed taxpayer information through the “get transcript” application, which allowed users to recall information that they input in previous tax returns. The system was shut down following the cyber attacks.
The IRS originally believed there had been 114,000 successful breaches and 111,000 unsuccessful attempts. A more recent review has identified an additional 220,000 successful and 170,000 unsuccessful incidents. This brings the total count to a total of 615,000 attempts, about three times more than the IRS formerly thought.
The agency believes that the breached information will be used in 2016 to file fraudulent tax returns, Reuters reports. 15,000 fraudulent returns were filed this year as a result of the hack, likely amounting to under $50 million worth of refunds. The agency is attempting to review whether the number of fraudulent returns increased due to the hack, but it requires officials to review each individual tax return manually, Reuters says.
The IRS will soon mail out letters to the taxpayers whose information had been breached and offer them free credit monitoring and a new personal ID number to ensure next season’s tax returns are unaffected.