An automated attack on the Internal Revenue Service’s computer systems in January used stolen personal data to create fake logins through the agency’s Electronic Filing PIN service.
About 464,000 Social Security numbers were used in the attack on the IRS.gov system, the IRS said late on Tuesday, and 101,000 of those numbers allowed the attackers to get at an E-file PIN. The PIN can be used to electronically file a tax return.
“No personal taxpayer data was compromised or disclosed by IRS systems,” the IRS said in a statement on Tuesday. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.”
Read More: IRS Breach Puts Spotlight on the Internet's 'Costco of Cybercrime'
Social Security numbers and other items of personally identifiable information that can be used to steal someone’s identity or file a fraudulent return are regularly sold by hackers for as little as a few dollars.
The IRS said that the attack was not related to an outage of its computer systems that hampered its ability to process tax returns last week.
Hackers in 2015 were able to access tax information for what may have been as many 338,000 victims through the IRS’ Get Transcript system, the IRS previously reported. That system allows taxpayers to pull up returns and filings from years past.