IRS did not discover or help all Get Transcript data breach victims

By Sally P. Schreiber, J.D.

One day after the IRS announced the reopening of the Get Transcript Online application site, the Treasury Inspector General for Tax Administration (TIGTA) released a report on the Get Transcript data breach that found that the IRS failed to identify 620,931 taxpayers whose tax account information was potentially unlawfully accessed. Of those, TIGTA found that 355,262 accounts were successfully accessed by the cybercriminals.

In addition, TIGTA identified 2,470 more taxpayers whose accounts were targeted in the Get Transcript breach that the IRS did not discover because it erroneously failed to look at three system error codes when trying to find victims.

TIGTA also criticized the IRS for failing to place markers for identity theft activity on the accounts of 3,206 taxpayers whose accounts were accessed in the breach.

The final TIGTA criticism was of the IRS’s failure to offer to issue an identity protection personal identification number (IP PIN) or to pay for credit monitoring for 79,122 taxpayers whom the IRS had identified as having their accounts unlawfully accessed.

In the report, The Internal Revenue Service Did Not Identify and Assist All Individuals Potentially Affected by the Get Transcript Application Data Breach (TIGTA Rep’t No. 2016-40-037), TIGTA recommended that the IRS:

  • Use additional methods to identify all individuals affected by the breach;
  • Send letters to the 620,931 taxpayers whose accounts were potentially targeted and place identity theft incident markers on their accounts;
  • Be sure that all authentication system error codes are analyzed in future data breaches;
  • Notify the additional 2,470 taxpayers identified in the report and place identity theft incident markers on their accounts;
  • Place identity theft incident markers on the 3,206 taxpayer accounts; and
  • Issue IP PINs to the 79,122 individuals whose personal information was accessed in the breach.

The IRS agreed with all the recommendations, except for issuing the IP PINs to the 79,122 taxpayers because the current policy is not to issue them in those situations. However, the IRS said it would reevaluate that policy. 

Sally P. Schreiber ( is a JofA senior editor.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.