Almost three months after the Internal Revenue Service said identity thieves accessed more than 100,000 taxpayer accounts in its databases, the agency says that a review shows more accounts were exposed and there were more attempts to gain access to them than previously reported.

In May, the IRS said a group of criminals (possibly Russian hackers) had used stolen Social Security numbers and other information gleaned from the agency’s Get Transcript system to try to get unauthorized access to prior-year tax return information for about 225,000 U.S. households. That number included 114,000 attempts that were successful and 111,000 that weren’t.

But today, the IRS said a review showed that cyber attackers got their hands on a potential additional 390,000 taxpayer accounts, and there were more than 600,000 breaches attempted, the IRS announced Monday, as reported by the Wall Street Journal.

The agency said in a statement that its review showed that there were 220,000 additional households “where there were instances of possible or potential access” to prior-year return data, and 170,000 more “suspected attempts that failed to clear the authentication processes.”

The IRS will, like before, immediately notify affected taxpayers, offer free credit production and issue special identification numbers to cut down on instances of refund fraud.

“The IRS takes the security of taxpayer data extremely seriously, and we are working to continue to strengthen security for `Get Transcript,’ including by enhancing taxpayer-identity authentication protocols,” the agency said. That service was shut down when the breaches came to light in May.

IRS Says Cyberattacks More Extensive Than Previously Reported [Wall Street Journal]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.