IRS Did Not Discover or Help All Get Transcript Data Breach Victims

By Sally P. Schreiber, J.D.

One day after the IRS announced the reopening of the Get Transcript Online application site, the Treasury Inspector General for Tax Administration (TIGTA) released a report on the Get Transcript data breach that found that the IRS failed to identify 620,931 taxpayers whose tax account information was potentially unlawfully accessed. Of those, TIGTA found that 355,262 accounts were successfully accessed by the cybercriminals.

In addition, TIGTA identified 2,470 more taxpayers whose accounts were targeted in the Get Transcript breach that the IRS did not discover because it erroneously failed to look at three system error codes when trying to find victims.

TIGTA also criticized the IRS for failing to place markers for identity theft activity on the accounts of 3,206 taxpayers whose accounts were accessed in the breach.

The final TIGTA criticism was of the IRS’s failure to offer to issue an identity protection personal identification number (IP PIN) or to pay for credit monitoring for 79,122 taxpayers whom the IRS had identified as having their accounts unlawfully accessed.

In the report, The Internal Revenue Service Did Not Identify and Assist All Individuals Potentially Affected by the Get Transcript Application Data Breach (TIGTA Rep’t No. 2016-40-037), TIGTA recommended that the IRS:

  • Use additional methods to identify all individuals affected by the breach;
  • Send letters to the 620,931 taxpayers whose accounts were potentially targeted and place identity theft incident markers on their accounts;
  • Be sure that all authentication system error codes are analyzed in future data breaches;
  • Notify the additional 2,470 taxpayers identified in the report and place identity theft incident markers on their accounts;
  • Place identity theft incident markers on the 3,206 taxpayer accounts; and
  • Issue IP PINs to the 79,122 individuals whose personal information was accessed in the breach.

The IRS agreed with all the recommendations, except for issuing the IP PINs to the 79,122 taxpayers because the current policy is not to issue them in those situations. However, the IRS said it would reevaluate that policy. 

Sally P. Schreiber (sschreiber@aicpa.org) is a Tax Adviser senior editor.

Newsletter Articles

SPONSORED REPORT

Year-End Tax Planning and What’s New for 2016

A look at year-end tax planning strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.

PRACTICE MANAGEMENT

CPAs Contend With Tax ID Theft

Tax-related identity theft fraud remains a widespread problem that is often difficult for victims and their tax preparers to correct.