The official IRS statement on this is currently here:
The Q & A on the topic is here:
One of the most helpful answers is the following:
Q. What is the IRS doing to protect taxpayers affected by this?
A. The IRS is taking several steps, including marking the accounts of affected taxpayers on our core tax account system to protect them against identity theft
if someone else tries to file a tax return in their name, both right now and in 2016. The IRS is also sending letters to affected taxpayers with additional information, and offering credit monitoring to those whose transcript information was accessed.
Several Q and As directly concern the letter the taxpayers may receive:
Q. I didn’t get a letter. Should I be concerned about the security of my tax information?
A. Protecting taxpayer data is a top priority for the IRS. This incident was isolated to one of our online applications; it did not involve our core system where
taxpayer accounts are housed. We do not believe that general taxpayer information is jeopardized by this incident beyond those affected taxpayers’ transcript accounts.
Q. Should I call to find out if I’m receiving a letter?
A. The IRS advises not calling. Phone lines remain extremely busy due to staffing limitations, and phone assistors will not have access to additional information.
Affected taxpayers will be receiving a letter directly advising them about the attempted or successful unauthorized access to their transcript and how to activate the protections we are offering them.
Q. How do I know the letter is actually from the IRS and not someone else?
A. Taxpayers can contact the IRS if they are unsure of the letter. The IRS emphasizes to taxpayers that in a notification letter like this, it will not request
the taxpayer sensitive personal information such as Social Security numbers or credit card or financial information.
