But today the agency admitted that number is much larger, there being closer to 334,000 potential victims.
One thing remains consistent: the hackers didn't have access to the full IRS network, only the part dedicated to an online service called “Get Transcript,” which allowed taxpayers (or sophisticated hackers, as it turns out) to get online copies of previous years' tax returns – which is often required for people getting a mortgage, among other things. So if you never had a “Get Transcript” account with the IRS, you have nothing to worry about regarding this breach.
More compromised accounts
On the other hand: if you did have such an account, the chances that your information has been compromised are much higher than the IRS originally admitted.
So far the IRS has not identified any possible suspects, but last May it said it suspected the identity thieves operated somewhere in Russia. In a statement today, the agency said that “As it did in May, the IRS is moving aggressively to protect taxpayers whose account information may have been accessed. The IRS will begin mailing letters in the next few days to about 220,000 taxpayers where there were instances of possible or potential access to 'Get Transcript' taxpayer account information.”
Note that the IRS statement specifically said the agency would be mailing letters to affected taxpayers – not sending emails or making phone calls. It's a pretty safe bet that phishing scammers and other online criminals will try using this latest IRS announcement to trick people into either installing dangerous malware on their devices, or giving away their passwords, Social Security numbers, and other sensitive information. Any email, text message, or phone call allegedly about this IRS hack can safely be ignored.