The occurrences of data breaches and mass identity thefts are so alarmingly common that the news stories reporting such instances are becoming routine. Another frustrating reality that we are faced with is that even providing information to the IRS for tax purposes can subject a taxpayer to identity theft. The IRS announced in May of 2015 that identity thieves may have stolen 114,000 taxpayer accounts from an IRS program used to obtain information about tax returns. More recently, the IRS indicated that the initially reported number of stolen accounts was too low – way too low. The total number of accounts now thought to have been accessed by identity thieves is closer to 334,000.00.
Identity thieves often seek out your personal information, including your social security number, in order to file a fraudulent tax return and obtain an IRS refund. This highlights the unfortunate reality that if we are vigilant and work to reduce our risk of identity theft, there are some instances, particularly with a mass data breach, that we cannot control or prevent. If you ever think that you have been a victim of identity theft and had your social security number stolen or compromised, the IRS suggests taking the following action:
- File a report with the police
- File a complaint with the Federal Trade Commission
- Place a fraud alert on your credit report through one of the three credit bureaus: Equifax, Experian, and TransUnion
- Review your credit report and close any account that you did not open
- Complete an IRS Identity Theft Affidavit (Form 14039)
Also, filing your tax return as soon as possible could lessen the likelihood that a criminal will successfully use your information to claim a fraudulent return. Finally, the IRS states that any taxpayer should respond immediately to any IRS notice if you think your SSN has been compromised; however, be aware that criminals will also use the IRS to scam unsuspecting victims by imitating an IRS official to demand payments or personal financial information over the phone or through e-mail.