The Internal Revenue Service’s problems have gotten exponentially worse lately—literally.

In an announcement Friday, the IRS said that it now believes 724,000 taxpayers’ information was stolen in a cyber attack last year, more than double the amount it said was exposed last summer. It’s the second time the IRS has raised its estimate of victims in the hack, which was first discovered last May.

The IRS originally said hackers had accessed 114,000 people’s personal information by downloading their tax returns through a “get transcript” feature on the agency’s website that has since been disabled. But in August, the IRS tripled its count, saying it believed 334,000 people’s information had been breached in the attack. That’s not even including taxpayers whose accounts the IRS said hackers targeted unsuccessfully.

In the meantime, the IRS has again fallen prey to hackers in a separate scheme. Earlier this month, identity thieves accessed information that would allow them to file for fraudulent tax refunds using names of more than 100,000 people whose social security numbers they had previously stolen—but the IRS said that no personal information was stolen from its systems in the breach.

 

The IRS did not say whether it was still in the process of counting people who were affected by the May cyber attack, or if it was possible that the total number of victims could increase further. But at this rate, the odds that taxpayers’ information was stolen just keep going up.