The National Debt Clock hangs on a wall next to an office for the Internal Revenue Service near Times Square in New York
The National Debt Clock hangs on a wall next to an office for the Internal Revenue Service near Times Square in New York Reuters

The hacking attack on the US Internal Revenue Service (IRS) affected more people than initially estimated, the government agency said.

IRS, which is responsible for tax collection and tax law enforcement in the US, noted its further probe into the matter showed that an additional 390,000 taxpayers were potentially affected, including about 220,000 accounts that were accessed by hackers and about 170,000 failed attempts.

In May, the IRS estimated the total at 225,000, including 114,000 successful attempts and 110,000 failed attempts. At that time, the IRS took into account the period from February to May. The latest review looked at data starting November 2014.

The cybercriminals managed to steal the details by manipulating the Get Transcript API, which enables taxpayers to access previous tax returns they have filed from the IRS online database.

In order to access this information, a user would be given an online form and they would need to correctly fill in certain sensitive details, such as their date of birth, social security number, address and tax filing status, in order to pass the security screening.

The hackers were able to access the data by using personal details obtained from previous data breaches and they downloaded people's prior tax returns in bulk.

The IRS said it would inform the taxpayers whose accounts may have been breached, adding that they would be supported with free credit monitoring services.

"The IRS is moving aggressively to protect taxpayers whose account information may have been accessed," the agency said in a statement.