Thieves used the IRS' "get transcript" system to acquire the data from February through to mid-May, the agency said. From there, a malicious actor would have to input basic information on a targeted taxpayer.
The service has since been shut down. Other IRS databases, including the main tax filing submission system, are said to be unaffected.
"In all, about 200,000 attempts were made from questionable email domains, with more than 100,000 of those attempts successfully clearing authentication hurdles," the agency told the AP. "During this filing season, taxpayers successfully and safely downloaded a total of approximately 23 million transcripts."
The IRS did not say who it believes was behind the breach. The IRS said it would begin notifying affected tax payers in the coming days.
We reached out to the IRS for comment and further details. We'll update once we know more.