IRS data breachJust a few months ago in May, the IRS announced it had been breached by hackers who used data obtained elsewhere to access prior-year tax return information for more than 100,000 Americans. After conducting a more thorough investigation, the agency announced Aug. 18 that its original estimates were way off. In fact, the breach was more than twice as large as originally thought; the attackers gained access to 330,000 taxpayer records, and attempted but failed to gain access to an additional 280,000 — for a total of 610,000 people exposed, compared to the initial estimate of 225,000. This news comes after an extensive review of the 2015 filing season that went back as far as Nov. 2014, uncovering a much wider breach.

This data breach was orchestrated by a crime group who already had personal data — social security numbers, home addresses, birth dates and tax filing status — on the victims. They used this information to clear a security screen in the online IRS app “Get Transcript,” which allows taxpayers to quickly access their prior-year tax returns. Following the discovery and announcement of the breach in May, the IRS shut down the “Get Transcript” website and have yet to reopen it.

What is the IRS doing to help victims?

According to The Washington Post, the IRS is working to notify the additional people whose information was used and/or accessed in this breach. It is offering free credit monitoring, as well as allowing victims to enroll in a program which assigns them a special identification number they can use to file future tax returns. Since the hackers were using social security numbers, birth dates and other personal data to access previous tax returns and file fraudulent ones, this new program will hopefully help victims be able to file without problems.

Any time there is news of a breach within the U.S. government, it’s unsettling. However, what is more worrisome is the apparent lack of understanding of the magnitude of these breaches until many months after the intrusion was discovered. The Office of Personnel Management has been dealing with similar circumstances in its own recently revealed breach — first announcing only four million employees were affected only to amend that to a staggering 21 million Americans affected.

So how can I protect myself?

Be on the lookout for any mail from the IRS notifying you that your personal information was accessed or attempted to be accessed. While some of those affected have already been alerted, it’s clear that many more have not. Additionally, because it took so long for the IRS to realize the breach was bigger than it thought, there is potential that more people could be affected without knowing it. Tax fraud is one of the most frustrating forms of identity theft because its victims usually only find out it has happened when they attempt to file their tax return for the year. You can follow these tips to learn how to protect your identity during tax season.

Another important detail about this data breach to keep in mind is that the criminals already possessed victims’ personal data, which means those people were already victims of identity theft — possibly from another data breach. Protecting your identity in every facet of your life is important, and you can learn what to do and find out how services like identity theft protection can offer a helping hand by following our identity theft blog and by reading our comprehensive reviews on the top-rated services on the market.