IRS did not discover or help all Get Transcript data breach victims

By Sally P. Schreiber, J.D.

One day after the IRS announced the reopening of the Get Transcript Online application site, the Treasury Inspector General for Tax Administration (TIGTA) released a report on the Get Transcript data breach that found that the IRS failed to identify 620,931 taxpayers whose tax account information was potentially unlawfully accessed. Of those, TIGTA found that 355,262 accounts were successfully accessed by the cybercriminals.

In addition, TIGTA identified 2,470 more taxpayers whose accounts were targeted in the Get Transcript breach that the IRS did not discover because it erroneously failed to look at three system error codes when trying to find victims.

TIGTA also criticized the IRS for failing to place markers for identity theft activity on the accounts of 3,206 taxpayers whose accounts were accessed in the breach.

The final TIGTA criticism was of the IRS’s failure to offer to issue an identity protection personal identification number (IP PIN) or to pay for credit monitoring for 79,122 taxpayers whom the IRS had identified as having their accounts unlawfully accessed.

In the report, The Internal Revenue Service Did Not Identify and Assist All Individuals Potentially Affected by the Get Transcript Application Data Breach (TIGTA Rep’t No. 2016-40-037), TIGTA recommended that the IRS:

  • Use additional methods to identify all individuals affected by the breach;
  • Send letters to the 620,931 taxpayers whose accounts were potentially targeted and place identity theft incident markers on their accounts;
  • Be sure that all authentication system error codes are analyzed in future data breaches;
  • Notify the additional 2,470 taxpayers identified in the report and place identity theft incident markers on their accounts;
  • Place identity theft incident markers on the 3,206 taxpayer accounts; and
  • Issue IP PINs to the 79,122 individuals whose personal information was accessed in the breach.

The IRS agreed with all the recommendations, except for issuing the IP PINs to the 79,122 taxpayers because the current policy is not to issue them in those situations. However, the IRS said it would reevaluate that policy. 

Sally P. Schreiber (sschreiber@aicpa.org) is a JofA senior editor.

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

QUIZ

News quiz: Scam email plagues tax professionals—again

Even as the IRS reported on success in reducing tax return identity theft in the 2016 season, the Service also warned tax professionals about yet another email phishing scam. See how much you know about recent news with this short quiz.