Shot: The IRS says it’s perfectly safe for Donald Trump to release his tax returns, whether he’s being audited or not:
“Nothing prevents individuals from sharing their own tax information,” the IRS said in a statement.
Chaser: Yours might already have been released, so to speak. In a Friday afternoon news dump, the IRS admitted that the data breach revealed last year turned out to be far worse than first announced. Tax data involving over 700,000 households may have been compromised, more than double than the last estimate — and seven times larger than first thought:
The IRS statement, originally reported by Dow Jones, revealed tax data for about 700,000 households might have been stolen: Specifically, a government review found potential access to about 390,000 more accounts than previously disclosed.
In August, the IRS said that the number of potential victims stood at more than 334,000 — more than twice the initial estimate of more than 100,000.
“If somebody has all this information … we may see [a] resurgence next year of fraudulent tax returns,” Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, told CNBC in 2015.
The IRS discovered an incident involving its “Get Transcript” application last May, and the Treasury Inspector General for Tax Administration conducted a nine-month investigation. That review turned up the additional accounts that could potentially have been accessed.
Does this sound familiar? It should; we went through multiple re-estimates of the scope and depth of the OPM hack as well. At first, that breach was thought to involve only a few million current government employees, but kept expanding until the number went over 20 million, and also involved the raw investigatory data of security clearances stretching back 20 or more years. Congress still wants answers on that hack, but they will have to keep waiting. The top cybersecurity official at OPM abruptly resigned this week rather than face Rep. Jason Chaffetz at a House Oversight Committee hearing.
So who’s tax returns got “released” in the hack? Letters will start going out to the lucky 700,000 households as early as next week. The IRS says the data will likely be used to file fraudulent returns, so these households will receive a new taxpayer identification number with which to file their required paperwork with the same agency that allowed it to get stolen the first time. And who knows? Perhaps that 700,000 will be just the first wave of a series of victims that turn out to be as numerous as those from the Obama administration’s other catastrophic failure in cybersecurity.