IRS did not discover or help all Get Transcript data breach victims

By Sally P. Schreiber, J.D.

One day after the IRS announced the reopening of the Get Transcript Online application site, the Treasury Inspector General for Tax Administration (TIGTA) released a report on the Get Transcript data breach that found that the IRS failed to identify 620,931 taxpayers whose tax account information was potentially unlawfully accessed. Of those, TIGTA found that 355,262 accounts were successfully accessed by the cybercriminals.

In addition, TIGTA identified 2,470 more taxpayers whose accounts were targeted in the Get Transcript breach that the IRS did not discover because it erroneously failed to look at three system error codes when trying to find victims.

TIGTA also criticized the IRS for failing to place markers for identity theft activity on the accounts of 3,206 taxpayers whose accounts were accessed in the breach.

The final TIGTA criticism was of the IRS’s failure to offer to issue an identity protection personal identification number (IP PIN) or to pay for credit monitoring for 79,122 taxpayers whom the IRS had identified as having their accounts unlawfully accessed.

In the report, The Internal Revenue Service Did Not Identify and Assist All Individuals Potentially Affected by the Get Transcript Application Data Breach (TIGTA Rep’t No. 2016-40-037), TIGTA recommended that the IRS:

  • Use additional methods to identify all individuals affected by the breach;
  • Send letters to the 620,931 taxpayers whose accounts were potentially targeted and place identity theft incident markers on their accounts;
  • Be sure that all authentication system error codes are analyzed in future data breaches;
  • Notify the additional 2,470 taxpayers identified in the report and place identity theft incident markers on their accounts;
  • Place identity theft incident markers on the 3,206 taxpayer accounts; and
  • Issue IP PINs to the 79,122 individuals whose personal information was accessed in the breach.

The IRS agreed with all the recommendations, except for issuing the IP PINs to the 79,122 taxpayers because the current policy is not to issue them in those situations. However, the IRS said it would reevaluate that policy. 

Sally P. Schreiber (sschreiber@aicpa.org) is a JofA senior editor.

SPONSORED REPORT

Revenue recognition: A complex effort

Implementing the new standard requires careful judgment. Learn how to make significant accounting judgments and document them and collaborate with peers for consistent application.

VIDEO

How to Excel pivot a general ledger

The general ledger is a vast historical data archive of your company's financial activities, including revenue, expenses, adjustments, and account balances. J. Carlton Collins, CPA, shows how to prepare data for, and mine data with, PivotTables.

QUIZ

News quiz: Taking an economic snapshot and looking to the future

Recent news included IRS actions that affect individuals and partnerships and a possibly influential move by a Big Four accounting firm.Take this short quiz to see how much you know about the news.