Internal Revenue Service attacked by ID thieves
IRS Commissioner John Koskinen: “The IRS is committed to protecting taxpayers on multiple fronts" Getty

The fallout from the cyberattack against the Internal Revenue Service (IRS) in May last year impacted twice as many US taxpayers than previously reported, the agency has admitted.

When the incident was first revealed, the IRS said that tax return details of just over 100,000 US-based taxpayers had potentially been compromised by cybercriminals targeting an online application called 'Get Transcript'. Three months later, however, the number rocketed to include another 220,000 known breaches and over 170,000 failed hacking attempts.

Now, a nine-month investigation by the Treasury Inspector General for Tax Administration has revealed that roughly 390,000 additional accounts were potentially exploited by the hackers and an extra 295,000 accounts were targeted but not successfully compromised. The officials discovered this fresh spate of accounts after expanding the scope of the investigation to date back to the launch of the Get Transcript portal in January 2014.

According to the IRS, those impacted will start to be notified from 29 February.

IRS Commissioner John Koskinen said: "The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort. We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers."

While not a 'hack' in the conventional sense, the cybercriminals instead used sensitive taxpayer data aquired from other sources – likely underground dark web marketplaces or scrounged off public-facing social media accounts – to assume others' identities and fool the IRS systems into allowing access to personal details.

As a result, the attackers must have already have accumulated a significant amount of verified information about the victims before the attack took place. This differentiates the cyberattack from other recent hacks – including TalkTalk, Target and the US Office of Personnel Management – which all involved the exploitation of computer vulnerabilities to gain access to mass amounts of sensitive data.