OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Letter to John Koskinen, Commissioner of the Internal Revenue Service - 2015 Get Transcript Application Data Breach

Letter

Date: Sept. 12, 2016
Location: Washington, DC
Issues: Technology and Communication Taxes Government Operations Criminal Justice

Dear Commissioner Koskinen,

I am writing to follow up on the Treasury Inspector General for Tax Administration (TIGTA) May 2016 report, which found that the Internal Revenue Service (IRS) did not identify and assist all taxpayers potentially affected by the May 2015 Get Transcript application data breach.

TIGTA found that 620,931 taxpayers, who were not identified by the IRS as victims of the breach, as potential victims of the Get Transcript application data breach. Further analysis showed that potentially unauthorized users were successful in obtaining access to 355,262 of those taxpayers' accounts. TIGTA also identified an additional 2,470 taxpayer accounts that were targeted through the breach, but were erroneously excluded from IRS notification.

In addition, TIGTA noted that the IRS did not offer Identity Protection Personal Identification Numbers (IP PINs) or free credit monitoring to 79,122 taxpayers whose tax accounts were identified by the IRS as being involved in an attempted access. As you know, IP PINs are provided to identity theft victims to verify their identities and to prevent someone else from filing a tax return with that taxpayer's Social Security Number. But instead of providing known potential victims with this added protection, I am concerned that these taxpayers' accounts are at an increased risk of fraud. Given that the IRS provides IP PINs to taxpayers who live in high-risk locations for identity theft or taxpayers who report a lost or stolen wallet or purse, it would be consistent with IRS policy to offer these potential victims IP PINs.

Tax-related identity theft causes significant financial and emotional hardship to honest taxpayers. Failing to provide adequate safeguards for known potential victims to securely file their tax returns undermines their confidence in the IRS.

I therefore respectfully request a response to the following questions:

1. Has the IRS issued notification Letter 4281-G to all taxpayers whose accounts were potentially targeted by unauthorized individuals?

2. Has the IRS placed identity theft incident markers on the accounts of all affected and potentially affected taxpayers?

3. Will the IRS issue IP PINs to all taxpayers whose Social Security Numbers were used by unauthorized individuals to attempt to access the Get Transcript application? If not, will the IRS inform these individuals that they may request an IP PIN?

Identity theft can cause problems for victims for years, and the IRS should do whatever it can to minimize this burden - including ensuring that victims and potential victims of the Get Transcript application data breach receive notice and IP PINs to ensure that these taxpayers are not more vulnerable to identity theft than regular taxpayers.

Thank you for your prompt attention to this issue and I look forward to your timely response.


Source
arrow_upward