Hackers have compromised over 100,000 Internal Revenue Service (IRS) taxpayers' accounts by exploiting an insecure Get Transcript application.
The IRS revealed the breach in a public statement, warning that hackers had accessed account holders' Social Security information, date of birth and street address before being shut out.
"The IRS determined late last week that unusual activity had taken place on the application, which indicates that unauthorised third parties had access to some accounts on the transcript application," read the statement.
"Following an initial review, it appears that access was gained to more than 100,000 accounts through the Get Transcript application."
"In total, the IRS has identified 200,000 total attempts to access data, and will be notifying all of these taxpayers about the incident."
The Get Transcript application is used by IRS customers to view details about their tax accounts.
The hackers reportedly exploited undisclosed flaws in the app to bypass the main IRS security processes.
"These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer."
The matter is under review by the Treasury Inspector General for Tax Administration as well as the IRS Criminal Investigation unit. The Get Transcript application has been shut down temporarily.
The IRS will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed.
"In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including Social Security information, date of birth, tax filing status and street address before accessing IRS systems," explained the IRS.
"The IRS notes this issue does not involve its main computer system that handles tax filing submissions; that system remains secure."
The IRS has taken several measures to protect its customers following the breach, including temporarily shutting down the Get Transcript application while it works to plug the holes.
The IRS has also sent letters and is offering free credit monitoring to affected taxpayers.
The breach has sent ripples through the security community. HyTrust president and co-founder Eric Chiu cited the hackers' success as proof that firms must be more proactive in protecting customer data.
"Attackers are on the hunt for our personal and financial information using data stolen from other breaches to gain a larger amount of information on those same individuals," he said.
"The outcome of this could be devastating to consumers. Attackers can potentially open new accounts, siphon off funds and ultimately steal the identities of the victims.
"Attackers are getting more sophisticated and cyber security presents a huge risk to our economy. It's clear organisations need to do more to protect against this threat."
Data breaches are an increasing problem facing businesses and governments.
Chinese hackers targeted Penn State University's College of Engineering with two "advanced" data stealing attacks in November 2014 that compromised personally identifiable information pertaining to 18,000 individuals before detection.
The attacks are costing the global economy vast sums of money. The FBI estimated that cyber attacks cost US businesses and web users over $8bn in 2014.
Intel wants to get inside your car, despite missing out on mobile
'We'll keep fighting to fight to keep the web free and open,' claim EFF
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith