New revelations about cybercrime attacks on the IRS are another reminder of how severe a problem wealth management and financial services face from such criminals.

The US Internal Revenue Service says hackers had gained access to the tax returns of more than 300,000 people, which is a far larger number than the agency had previously reported, highlighting the continued threats of cybercrime.

The IRS will send 220,000 letters to taxpayers whose returns were probably viewed by the hackers.

The agency had said in May that criminals using stolen data gained access to tax returns for 114,000 people through software called “Get Transcript” that allows taxpayers to retrieve their returns from previous years. It is understood that the IRS is analyzing more than 23 million uses of the Get Transcript system.

Relying on personal information — like Social Security numbers, birth dates and street addresses – the hackers were able to obtain information from returns to file fraudulent returns, generating almost $50 million in such payments.

When the IRS first identified the problem in May, it determined that these third parties with taxpayer-specific sensitive data from non-IRS sources cleared the Get Transcript verification process on about 114,000 total attempts. In addition, third parties made another 111,000 attempts that failed to pass the final verification step, meaning they were unable to have access to account information through the Get Transcript service.

It is understood the IRS's new review has identified an estimated additional 220,000 attempts where individuals with taxpayer-specific sensitive data cleared the Get Transcript verification process. The review also identified an additional 170,000 suspected attempts that failed to clear the authentication processes. The tax collection organization will begin mailing letters in the next few days to the taxpayers whose accounts may have been accessed.

Given the uncertainty in many of these cases – where a tax return was filed before the Get Transcript access occurred for example—the IRS notices will advise taxpayers that they can disregard the letter if they were actually the ones seeking a copy of their tax return information.

A raft of stories of hacking attacks on private and public sector institutions, including banks, raises questions about the security of the global wealth management industry. This publication spoke to industry figures about this issue, and for an example of their thinking, click here. To see another article about the issue, see here.

"The IRS would have much preferred to get all the bad news out in one shot. This new revelation shows that the IRS still is working out / learning the details of the attack. The fact they are forced to reveal new exposures highlights the lack of good logging and monitoring of network telemetry," Gavid Reid, vice president of threat intelligence at Lancope, said in a commentary about the issue. Lancope is a firm specializing in areas such as security.

Simon Crosby, co-founder and chief technology officer at Bromium, another security specialist firm, said: "The IRS was the last "big piece in the puzzle" for nation state actors seeking to construct a detailed map of US society.  It seems they partially succeeded in this attack. But they will be back.  When will political leaders learn that it is possible, and even straightforward, to make enterprises secure by design against such attacks - and save money doing so?  Virtualization based security is the answer."