More than 100,000 taxpayers had their information accessed by thieves using an online service from the IRS, according to the Associated Press.
According to the IRS, the thieves used a system called "Get Transcript" to access information, targeting the system from February to mid-May. The service has been temporarily shut down.
The agency said 200,000 attempts were made from questionable email domains and 100,000 of the attempts cleared authentication hurdles. "The IRS notes this issue does not involve its main computer system that handles tax filing submission; that system remains secure," the agency said in a statement.
Senate Finance Committee Chairman Orrin Hatch said in a statement that IRS Commissioner John Koskinen had informed him of the data breach last week by phone, but he did not disclose the breach earlier as it related to an ongoing investigation.
"That the IRS—home to highly sensitive information on every single American and every single company doing business here at home—was vulnerable to this attack is simply unacceptable," Hatch said. "What's more, this agency has been repeatedly warned by top government watchdogs that its data security systems are inadequate against the growing threat of international hackers and data thieves."
Hatch added that it was important to learn who was behind the attack and what information was stolen from taxpayers. He said Congress and the White House should work to better protect taxpayers from cyber threats.
This article is from the archive of our partner National Journal.
Eric Garcia is a staff correspondent for National Journal. He previously was a transparency reporter for MarketWatch, where he reported on financial regulation issues. His work has also appeared in the Southern Political Report, Salon, the American Prospect and the New Republic. He is a graduate of the University of North Carolina at Chapel Hill, and covered politics for its campus paper, the Daily Tar Heel.