There has been widespread coverage of the massive IRS hack.  The hack of the IRS “Get Transcript” tool on the IRS website has affected 104,000 individuals.  As reported in numerous accounts, the thieves who hacked this system stole information about prior tax refunds.  They then used that information in combination with other personal information they likely already had (e.g., people’s names, SSNs, dates of births).  As Jonnelle Marte reported in The Washington Post, after hacking the “Get Transcript” tool, the thieves now have even more personal information (“A year of credit monitoring won’t put risk to rest”; May 30th; A8).

While the IRS will be flagging the persons who’s transcripts were stolen, they will also be contacting them.  Those 104,000 individuals will be offered free credit reporting.  As Lisa Rein reports in The Washington Post, the IRS will also be contacting 100,00 other people — those are people whose returns weren’t hacked but whose personal information the thieves might have (“How the breach of IRS tax returns is part of a much bigger problem facing taxpayers”; May 29).

The risks of identity theft for the individuals whose tax return information was stolen is very real.  People have to remember that the IRS will contact them through letters not emails.  Why is this important?  Because the hackers now have enough information to send scam emails pretending to be from a credit agency, or even the IRS, and be asking for even more personal information under the guise of needing this to help the affected individuals.