An IRS computer breach, first disclosed in May, is much worse than previously thought.

The IRS announced at the end of May that thieves gained access to information on more than 100,000 taxpayers as part of a scheme to receive fraudulent tax returns.

Now, however, the number of potential victims has increased to 334,000, more than doubling the original estimate.

According to CBS News, IRS investigators place the attempt as part of a “sophisticated criminal operation based in Russia.”

In 2013, about $5.8 billion in fraudulent refunds were paid out, according to IRS estimates.

A few months ago, a data breach at the Office of Personnel Management led to China obtaining forms with personal information on about 4 million former, current, and prospective government workers.

Including other data breaches, such as Edward Snowden’s leaks, government IT security has had a rough decade.

As with other security systems, risks and threats don’t remain static. Technological improvement and human error make quality security a never-ending battle.

It can take weeks or months to discover how penetrating a hack or data breach was. How to deal with those issues, especially for the government, will remain a difficult question to answer.