I believe that this actually happened to me -- which tells me the 100,000 number is way too low. To be more precise: when we went to electronically file our 2014 return, it was rejected because our return had already been filed (not by us, of course). I (like 80+ million others) am a victim of the Anthem breach, and I have assumed that my fraudulent return was part of that breach. (Regardless, I have opted into the identity protection that Anthem has provided as restitution to victims of the breach.[1])<p>As part of clearing this up with the IRS, I had to verify my own identity and validate that the return that we (physically) sent was the true and correct return. After a whopping 2+ hours on hold, I ran a grueling gauntlet of rather obscure questions that amount to some flimsy shared secrets I happen to have with the IRS. Once my identity was confirmed, I learned that the thieves had filed a 2014 AGI that exactly matched my 2013 AGI. The IRS representative told me that this was unusual (that is, that they normally they just make numbers up), and it's clearly stupid (my return was flagged and didn't pay out), but it obviously left me concerned that someone had somehow located my 2013 return. With this latest revelation, it's now clear that this could have easily happened via the IRS itself.<p>Assuming that my experience is indicative of a larger trend, I expect many more similar revelations as the IRS picks up the debris from the 2014 tax season -- and it wouldn't surprise me at all if the true target of the Anthem breach wasn't in fact the IRS: this crime is just too damn easy to pull off and get away with. The bright side of all this: things very clearly have to change, and I wouldn't be at all surprised if the IRS ends up issuing PINs to all e-filers this coming year.<p>[1] <a href="https://www.anthemfacts.com" rel="nofollow">https://www.anthemfacts.com</a>