The Trojan horse was of such a new variety that the agency's antivirus software, which is updated every two hours for security reasons, had not yet been updated to protect against it, Hardin said. The agency reported the malware's strain to the antivirus vendors, who then updated their software.

There have been no reports of identity theft connected to the incident so far, though about 200 people have called with questions, according to Hardin. "People seem to be understanding," she said. "Nobody has reported any kind of suspicious activity."

All 2,300 affected taxpayers have been offered help in guarding against identity theft. The agency is looking into providing a year's worth of free credit monitoring services for each of the taxpayers and will soon contact them about how to sign up for that program, Hardin said. The department also set up a Web page listing frequently asked questions about the Trojan horse to provide more information.

"This has been very difficult for us," Hardin said. "Protecting the confidential information of our taxpayers is at the core of what we do."