The IRS is once again fumbling its response to another major hacking of its online systems that resulted in the identities of more than 100,000 Americans being stolen.

The federal agency just announced that they have shut down the online tool for tax fraud victims to file their taxes electronically because it too was hacked. They are undergoing a security review of this feature in hopes of preventing hackers from using stolen information to file fraudulent claims by requiring taxpayers to reset access codes. Apparently, it isn’t secure enough to ensure the identity of the person resetting it.

Recently, we reported that the Identity Protection (IP) PIN tool had been hacked exposing the Social Security numbers of 101,000 taxpayers. Some 2.7 million IP PINs were created and mailed to taxpayers for the current filing season. According to the IRS, about 130,000 (5 percent) have used the online tool to try retrieving a lost or forgotten IP PIN. Turns out some of these are scammers once again trying to use stole personal information to submit fraudulent tax returns. The IRS now admits it caught 800 fraudulent returns using an IP PIN — four times the 200 cases they claimed last week.

The problem is that the information needed to reset an IP PIN such as a taxpayer's name, date of birth, Social Security number, last filing status, and the mailing address from their last tax return is information that hackers likely already obtained. Additionally, authentication questions could be answered by tapping a person's credit history or scoring online sources such as social media and real estate websites.

With this online system shut down, taxpayers with IP PINs now have to call the IRS to verify their identity and get a new PIN mailed to them. Good luck trying to call the IRS though as they have been pushing taxpayers to use their online tools instead of calling.

The Washington Post reports:

Concerns about the tool were thrust into the spotlight last week after journalist Brian Krebs wrote about a South Dakota woman, Becky Wittrock, who said fraudulent tax returns were filed in her name two years in a row — and that the phony filing this year included her stolen IP PIN. That PIN was meant to add a layer of security to prevent this exact type of problem.

Wittrock was an apparent victim of a type of identity theft known as tax refund fraud, a scam where criminals file phony, often inflated, tax returns in an attempt to steal other people's refunds.

The IRS said Monday that it has stopped 800 fraudulent returns using IP PINs through the end of February, more than four times the "less than 200" figure it cited to The Post last week. In the"Get Transcript" case, the IRS repeatedly raised its estimates of the number of victims. When the agency first acknowledged the problem last May, it estimated that 100,000 people's tax accounts were affected. By late last month, that figure had jumped to more than 700,000 accounts.

As we have contended before, the headaches and financial woes for taxpayers, who are exposed or whose identities were stolen, continues. There’s no good end in view and the IRS has not demonstrated that they have these problems under control.

The IRS sits on a hacker’s pot of gold. We should expect them to be targeted as are retailers and big companies. We should also expect the IRS to respond as quickly ad effectively as private retailers. But that is not how government works.

Nor can we trust their disclosures of the scope of the hackings. Time and time again, estimates are revised up two-, three- and four times the original amount signaling that they truly don’t know the extent of the damage. Meanwhile, the victims are victimized time-and-time again with little help from the IRS.

The IRS is moving more of its customer service functions online and, if this is what taxpayers van look forward to, it's going to be a bumpy ride.