Remember when thieves took advantage of crappy security on the IRS’ online tax transcript website and stole the personal information of 100,000 people? We already knew that initial number was a lowball, but we didn’t know how low—an IRS audit recently uncovered that over 700,000 people had their accounts breached, and 575,000 others were targeted but not successfully accessed.
As Wall Street Journal notes, the IRS updated this number after tracing the break-in back to the very beginning of the faulty application. This means the government service was exploited by thieves from the very beginning:
An IRS official said the newly revised numbers reflect the findings of an audit by the Treasury Inspector General for Tax Administration, which is an agency watchdog. It expanded the time period of the inquiry so that it began January 2014, when the Get Transcript application was first launched. A spokeswoman for TIGTA expects the audit be published in April or May.
This sucks, and if you were affected, you might not know it yet. The IRS will begin mailing people to tell them they got breached on February 29.