Taxpayers can get tax return transcripts online once again

By Sally P. Schreiber, J.D.

Announcing increased security and authentication procedures, the IRS said Tuesday that it had re-instated its Get Transcript Online service, which had been breached by cybercriminals last year. The IRS admitted to the data breach in May 2015, and the service had been shut down since then. Although the IRS originally said that the breach involved 100,000 taxpayers’ accounts, that number was later revised twice to reveal that over 724,000 taxpayers had their accounts hacked.

The IRS announced that the Get Transcript service has returned, after the authentication process was revamped and improved by the U.S. Digital Service, a branch of the Office of Management and Budget (OMB) that brings technical experts into government. The new process meets the standards of the National Institute of Standards and Technology and the OMB (IR-2016-85).

New process

To get started, taxpayers need a readily available email address; their Social Security number (SSN) or individual tax identification number; filing status and address on their last-filed tax return; and access to certain account numbers for their credit card, home mortgage loan, second mortgage loan, home-equity line of credit (HELOC), or their car loan (FS-2016-20).

Taxpayers must also have a readily available U.S.-based mobile phone, and their name must be on the phone account. Taxpayers cannot use landlines, Skype, Google Voice, other virtual phones, or pay-as-you-go phones.

Taxpayers who have a “credit freeze” on their credit records through Equifax must get it temporarily lifted before completing this process.

Because the authentication process involves verifying financial information, there may be what the IRS calls a “soft notice” on the taxpayer’s credit report, but it will not affect his or her credit score.

First-time users of the Get Transcript service must:

  • Submit their name and email address to receive a confirmation code;
  • Enter the emailed confirmation code;
  • Provide their SSN, date of birth, filing status, and address on the last filed tax return;
  • Provide certain financial account information for verification such as the last eight digits of their credit card, or car loan, or home mortgage or home-equity account number;
  • Enter a mobile phone number to receive a six-digit activation code via text message;
  • Enter the activation code;
  • Create a username and password, create a site phrase, and select a site image.

Returning taxpayers who have not yet completed the new process must log in with an existing username and password; submit financial account information for verification (e.g., the last eight digits of a credit card number); submit a mobile phone number to receive an activation code via text messaging; and enter the activation code.

Those who have completed the new secure process can come back and log in with their existing username and password; receive a security code text message via the mobile phone number that was provided when the account was set up; and enter the security code to secure access.

Taxpayers who cannot get the process to work can go online and request Get Transcript by mail. The IRS says the transcript will be mailed to the address of record within five to 10 days.

Sally P. Schreiber ( is a JofA senior editor.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.