Hackers have exploited an online service of the Internal Revenue Service to gain access to the information of more than 100,000 American taxpayers, the IRS admits.
The IRS said on Tuesday that its “Get Transcript” service had been breached thousands of times between February and mid-May this year during a span that includes the height of the tax season.
According to the Associated Press, the hackers were able to get tax returns and other tax information hosted on the site.
"In all, about 200,000 attempts were made from questionable email domains, with more than 100,000 of those attempts successfully clearing authentication hurdles," the agency said. "During this filing season, taxpayers successfully and safely downloaded a total of approximately 23 million transcripts."
Another day, another 100,000+ victim hack: http://t.co/6Sdxctu0HC
— Orin Kerr (@OrinKerr) May 26, 2015
That trove, according to AP, may include Social Security numbers, birthdays and other sensitive information.
Details about what exactly was taken and how it was accessed are still developing, however, while the IRS says it is notifying affected taxpayers.
“We’re confident that these are not amateurs but organized crime syndicates that not only we, but others in the financial industry are dealing with,” IRS Commissioner John Koskinen said at a press conference.
Senate Finance Committee Chairman Orrin Hatch calls IRS hack "simply unacceptable." Says agency repeatedly warned data security inadequate.
— Pete Schroeder (@peteschroeder) May 26, 2015
News of the hack comes amid increased calls from Congress and the White House for the government to pass cyber bills, including efforts from the Obama administration to implement rules that would require online services to better protect user data.
“This extraordinary interconnection” made possible by the internet “creates enormous opportunities,” President Obama said during a speech at the Federal Trade Commission in January, “but also creates enormously vulnerabilities for us as a nation and for our economy and for individuals.”
READ MORE: Confirmed: Hackers attacked St. Louis Federal Reserve Bank
Last year, the Royal Canadian Mounted Police said that a 19-year-old hacker had exploited the highly publicized “Heartbleed” bug in order to steal nearly 1,000 records belonging to taxpayers that he pilfered from the Canadian Revenue Agency.
In the US, meanwhile, federal investigators have been probing how cybercriminals have been able to generate profit by filing fraudulent returns through TurboTax, a program that enables Americans to easily pay their taxes to the IRS.
TurboTax maker Intuit said in a statement Tuesday that “this episode reinforces the strategic urgency of the IRS Security Summit process which Commissioner Koskinen has been vigorously leading this year, and which we strongly support.”