Individuals experiencing non tax-related impact may call and request that IRS take action to protect their tax account information. Callers should be advised to take the following actions. For a clear definition of taxpayer identity theft not affecting tax administration (Non-Tax-Related Identity Theft), refer to IRM 110.5.3.2.2.2, Taxpayer-Identified Identity Theft Not Affecting Tax Administration.

Advise callers that ID theft documentation should be submitted by mail or fax.

Advise callers they should receive a notification letter from the IRS within 90 days of receipt of all required documentation attached to the Form 14039.

Record history of the taxpayer contact using the Accounts Management System (AMS) if TIN was obtained and disclosure verified.

Individuals may call to report tax-related identity theft. For example, callers may reference an unknown person filing a tax return under their Taxpayer Identification Number (TIN) , receipt of a notice or tax bill related to unknown income, or notification of an audit. For these situations, advise callers to obtain acceptable identity theft documentation. For a clear definition of identity theft affecting tax administration, refer to IRM 10.5.3.2.2.1, Taxpayer-Identified Identity Theft Affecting Tax Administration.

Individuals not required to file a return may also be negatively impacted by tax-related identity theft. For example, a caller may state the Social Security Administration (SSA) has reduced or stopped his/her Social Security benefits based on a tax return filed with the IRS. The caller indicates that he/she has not filed a return. When this type of call is received, follow the instructions below.

If during your research there appears to be an MXEN, IDT1, IDT3 or SCRM control, see IRM 21.6.2.4.2.1, Telephone Inquiries Regarding MXEN, IDT1, IDT3 and Scrambled Cases for additional information/guidance.

Record history of the taxpayer contact on AMS if the TIN was obtained and disclosure verified.

If the caller used the 800–908–4490 number and there is currently an active relevant open control on the tax period in question, advise the caller that his/her account will be monitored through the research/resolution process. Relevant open controls include those related to AM, Automated Underreporter (AUR), Examination or Collection and any CI related controls that have or may result in adjustment activity. IPSU CSRs will complete Form 14027-A, Identity Theft Case Monitoring, and record a short description of the information provided to the caller in Section III; fax the form to the Image Control Team (ICT) in Andover using the designated fax number (978)247–9965; record history on AMS indicating the form was faxed (ex: 14027TOICT); and refer to IRM 21.3.5.4, Referral Procedures, to provide the taxpayer with the proper time frame for a response.

If the caller used the 800–908–4490 number and they are stating they received a 4403C letter, ID Theft - AM Point of Contact Letter (for Monitor Cases) letter but have lost the contact name and phone number of the employee, verify a 4403C letter was issued by researching command code (CC) ENMOD. Check for an open IDTX control on TXMOD. Complete a Form 4442, Inquiry Referral to the employee with the open control.

If there is no open IDTX control, instruct the taxpayer to write in with their issue, and attach any notices or letters they have received to the address indicated on that letter or notice.

Taxpayers may submit Form 14039, Identity Theft Affidavit, alone or with correspondence referencing an issue that involves tax related identity theft (a tax administration issue). If the taxpayer's inquiry involves a TIN related problem, then refer to IRM 21.6.2.4.2.2, Taxpayer Inquiry Involving Questionable Ownership of a Primary or Secondary TIN on a Filed Return, for guidance.

Taxpayers may also submit Form 14039, Identity Theft Affidavit alone or with correspondence referencing an issue that requires a response from IRS, but NOT involving tax related identity theft (a tax administration issue). Examples include, but are not limited to, inquiries related to TOP offset, misapplied payments, request for transcripts, etc. Action to mark a taxpayer's account for non-tax related identity theft (AC504) should be considered after the specific issue has been addressed.

Use the appropriate section(s) of IRM 21 to address the specific issue raised by the taxpayer. The following chart lists a few examples and is not intended to be all inclusive.

After addressing the taxpayer's non-tax-related issue, action may be required by IPSU to mark the taxpayer's account with the appropriate indicator.

Review the taxpayer account to ensure there are no tax-related issues and/or current open controls.

Review the case to ensure the taxpayer submitted all required identity theft documentation.

If the taxpayer requests the Self Identified Non Tax Relief indicator be reversed/removed, refer to Exhibit 10.5.3–7, TC 972 AC 504 - Reversal of TC 971 AC 504.

Controls will be opened to the paper function for purpose of monitoring when the taxpayer has indicated tax-related identity theft. Cases may be received directly from the taxpayer or via referrals from the IPSU call sites.

Review the account to ensure there is an open control and/or an identity theft related tax-administration issue is in progress.

Check for history indicating Form 14027-A, Identity Theft Case Monitoring, was sent to ICT and the image is present on CIS. Complete Form 14027-B, Identity Theft Case Referral .

If the Form 14027–B, Identity Theft Case Referral, will be sent to Accounts Management functions then take the following actions when appropriate:

If the referral is being sent to a function other than Accounts Management, then fax the Form 14027–B to the appropriate identity theft liaison using the ID Theft Liaison listing located on SERP under the Who/Where tab. The title of the fax must say "New Form 14027–B" if sending for initial contact. For subsequent faxes the subject line must contain "Form 14027-B Follow-up - 1st (2nd, 3rd...etc)" , depending on how many times a follow-up is needed.

Record history on AMS identifying the function where the form was faxed (ex: 14027TOAUR).

Once the Form 14027-B, is faxed or linked on CIS, take the following action:

Review the account to determine if all necessary actions have posted and all function/employee controls are closed.

Close the control when all account action(s) have posted.

Once IDTX is closed, a global review will be required. See IRM 21.9.2.7, Global Review .

If a late response is received, research the account to determine if action is needed.

When resolving UPC147 conditions within Submission Processing, the Entity function will initiate Letter 4457C , UPC 147 - ID Theft Attempt Letter letters to SSN owners andLetter 4456C, UPC147 - Temporary Number Assignment Letter letters to unauthorized filers as closing notification letters. Taxpayers may subsequently contact the IPSU with questions related to identity theft and/or information to correctly post a return.

All research must include both the valid and invalid sides of the TIN (and Secondary TIN, if present). The valid and invalid sides of any cross-reference TIN(s) must also be researched.

All systems and research tools available must be used (AMS, IDRS, Accessory Manager Tools (also known as IAT) etc.)

Access Command Code (CC) ENMOD(IMFOLE) and locate the TC971 AC501/506. Use the "SCNDRY-DT" to determine the earliest year of impact. If the SCNDRY-DT shows 12312005, you would review TXPD 200512 and subsequent modules within the definition of the global review.

Access the taxpayer's account using IDRS and CFOL command codes available. Review the tax modules related to the incident. Apply the definition of Global Review to determine if there are any subsequent issues which may require follow-up/referral.

Cases involved with the Global Review should ONLY be referred to another function when the case can not be resolved within Accounts Management using AM criteria. Refer to Exhibit 21.3.5-1, Referral IRM Research List for cases requiring referrals to another function per the IRM.

Perform preliminary research and take appropriate action using the chart below:

If account does not meet criteria in paragraph (1), follow guidance provided in the chart below:

When issuing a referral, update the control base on IDRS to reflect the contact using the following activity codes (follow-up date is required):

A follow-up must be done every 60 days from the date of original referral. The follow-up can be completed by:

Review the account to determine if all necessary actions have posted and all function/employee controls are closed.

Close the control on ENMOD to reflect the Global Review is complete when all account action(s) have posted - "GRVWCMPLTD" .

Depending on the compromised data incident, the IRS notification letter may include:

When taking calls from impacted individuals, a consistent and proper greeting is required. Refer to procedures in IRM 21.1.1.7, Communication Skills.

Procedures in IRM 21.1.3.2.3, Required Taxpayer Authentication MUST be followed. Employees will be required to authenticate callers to ensure the person calling is the individual impacted by the information loss.

Since this process has to do with information loss, and not specifically tax related issues, Powers of Attorney (POA) are not, under any circumstances, able to represent impacted individuals. A POA cannot request credit monitoring services via Equifax.

High risk authentication per IRM 21.1.3.2.4, Additional Taxpayer Authentication, will also be required. In this process, asking the caller for the Incident Date and Incident Number will also be part of the authentication process. The incident date is located in the first paragraph of the Letter 4281C, IM Breach Notification Letter.

In some situations, a caller may want to receive as much information as possible on his/her information loss, but is not willing to provide their TIN. In these situations, the employee may still answer general questions about the incident and answer all the taxpayer's questions using the Frequently Asked Questions (FAQ) document posted on SERP. CSRs should be sensitive to the caller's tone and ensure they are given as much information as they are entitled to receive without the caller providing their TIN.

In some breach notification incidents, impacted individuals receiving notices may be IRS employees. In these cases, follow guidance in IRM 21.1.3.8, Inquiries from IRS Employees.

Part of the assistance the IRS is offering to impacted individuals is free credit monitoring services. The IRS has contracted with Equifax to have letter recipients receive these free credit monitoring services if the individuals choose to do so.

IPSU CSRs do not have access to the Equifax system, thus, IPSU employees can not assist the taxpayer with the enrollment.

IPSU CSRs can assist with:

A Fraud Alert is a consumer statement added to a credit report. This statement alerts creditors of possible fraudulent activity within a consumer's report as well as requests that a potential creditor contact the consumer prior to establishing any accounts in his/her name.

A consumer may place a fraud alert on his/her file by calling Equifax's auto fraud line at 877–478–7625 and following the simple prompts. Once a consumer has placed a fraud alert with Equifax, the other two credit reporting agencies, Experian and Trans Union, will be notified by Equifax to place alerts on their files as well.

Callers may request a fraud alert anytime within 90 days of receipt of their 4281C, IM Breach Notification Letter.

AM IPSU employees will NOT suggest to the caller to solicit this service unless the caller inquires about it and expresses interest in it.

If a caller states he/she received a letter from the IRS regarding a data loss incident but lost, misplaced the letter, etc, refer the caller to the IM office via Form 4442, Inquiry Referral, following the referral procedures below.

If a caller states he/she attempted to redeem the Promotion Code included in the data loss letter but was told the Promotion Code is expired, refer the caller to the IM office via Form 4442 following the Referral procedures below.

If the caller is insistent that he/she would like additional information, more than what was already provided, regarding the incident, the IPSU CSR will provide the standard response: "Unfortunately, I don't have access to that type of specific information. We can provide that information to you, but, it will require additional research. In order to do that, I am going to fill out a form with your questions and make sure it goes to the appropriate office to perform that research and provide you with a response. I want to be sure I understand your issue correctly -- could you please repeat the specific information you are requesting again? You should expect an answer in writing in about 30 days."

Refer to IRM 21.3.5.4.2, How to Prepare a Referral, for the required fields to be completed on the Form 4442, Inquiry Referral.

In addition to the required fields as noted in IRM 21.3.5.4.2, please include the Date of Incident and Incident Number as shown on the caller's letter in Box #5 of Form 4442.

A brief narrative should be completed in Part III of Form 4442.

Refer to IRM 21.3.5.4, Referral Procedures, for time frames for the taxpayer.

All Form 4442(s) will be collected by the Lead CSR at the beginning of each business day and faxed to the Incident Management (IM) Office in Philadelphia. The fax number for this purpose is ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ .

A member from the IM Office will contact the sender via secure e-mail confirming receipt of the faxed Form 4442(s). Once confirmation is made, the original Form 4442 can be destroyed. If no confirmation E-mail is received within 48 hours from the fax date, re-faxing the Form 4442 will be required.

In some rare situations, a caller may indicate he/she is already a victim of identity theft as a result of the IRS information loss and would like the IRS to assist him/her in dealing with this.

AM IPSU CSRs will:

If the taxpayer is threatening litigation or legal action because the IRS data loss resulted in identity theft, then a referral to the IM office MUST be sent.

AM IPSU employees are required to document all calls on AMS, by providing a brief history of what was covered with the caller.

Undeliverable procedures must be followed. See IRM 21.2.4.3.6, Undeliverable Correspondence.

Phishing is a scam where Internet fraudsters send E-mail messages to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victim's identity. Refer to IRM 21.1.3.24,Scams (Phishing) and Fraudulent Schemes.

The Modernized Employer Identification Number (MOD EIN) system was activated on the IRS website on July 23, 2007. It is an automated system that allows taxpayers to sign up on-line to receive an EIN in a short amount of time. After discovering problems with the system, the IRS immediately disabled the application and carefully reviewed the system. The IRS was not able to tell exactly who was affected by this incident, so the IRS notified all the individuals who logged in on July 23 of the potential risk. 4281C, IM Breach Notification Letter , was sent to all individuals possibly impacted under the MOD EIN incident. Any questions relating specifically to the issue of the status of the EIN will be referred to the unit in the IRS responsible for the issuance of the EIN.

A Form 4442, Inquiry Referral will be sent to IPSU by the function once ALL actions have been taken as required by that function's IRM. The functional employee should provide a clear and concise narrative to the IPSU identifying the issue/reason for the referral.

IPSU CSRs will research the account to identify the post function adjustment that is needed to make the taxpayer whole.

Once the issue is identified, IRM 21 will be used to ensure the proper procedures are followed in order to take the corrective action.

Monitor cases for the posting of all transactions (adjustments, credit transfers, entity changes etc.).

Post Function adjustment work will contain the MISC indicator of the function receiving the identity theft documentation. IPSU will input TC971 AC501 once all post function adjustment work is completed. IPSU will input the same MISC indicator to identify these cases as Exam's TC971 AC522. Refer to Exhibit 10.5.3-3, Acronyms and Definitions.

Once all transactions have posted, complete the Global Review. See IRM 21.9.2.7, Global Review.

Cases assigned as ITAR will be treated similar to Taxpayer Advocate Service (TAS) process including time frames. Form 14103, Identity Theft Assistance Request (ITAR) will be used when cases are required to be referred to another function including Accounts Management.

IPSU will ensure that cases assigned as ITAR meet the criteria listed in IRM 21.9.2.10, Identity Theft Assistance Request (ITAR), prior to submitting a Form 14103, Identity Theft Assistance Request (ITAR) to any Division/Function. If the referral does not meet IPSU criteria the referral will be rejected back to the originator with a brief explanation.

AM IPSU is responsible for:

If the Form 14103 referral will be sent to an Accounts Management employee with an open control, then take the following actions when appropriate:

If the referral is being sent to a function other than Accounts Management, then fax the Form 14103 to the appropriate ITAR liaison using theITAR Liaison Listing located on SERP under the Who/Where tab. The title of the fax must say "New Form 14027–B" if sending for initial contact. For subsequent fax the subject line must contain "Form 14027-B Follow-up - 1st (2nd, 3rd...etc)" , depending on how many times a follow-up is needed.

Update the control base on IDRS to reflect the contact using the following activity codes (follow-up date is required).

Issue a Letter 4524C, Identity Theft Assistance Request (ITAR) or 4524SP, Identity Theft Assistance Request (ITAR) - Spanish Version to the taxpayer providing the IPSU CSR's name and extension for direct contact. This must be done within 5 workdays of the ICT received date (or assigned date if a correspondence case). If ID theft documentation is needed, request it as it would relate to the identity theft issue from the taxpayer when initial correspondence is sent:

.

Required time frames for the ITAR process:

While the assigned IPSU CSR will be responsible for keeping the taxpayer or practitioner apprised of the progress of his or her case, this does not prohibit the function employee assigned the ID Theft case from making necessary contacts with the taxpayer.

If the function employee requires additional time to complete the actions and cannot meet the agreed upon completion date, the function employee will contact the AM IPSU CSR to establish, by mutual agreement a new completion date.

The function employee assigned to the tax related issue has the responsibility for providing official closing documents as directed in their IRM to the taxpayer and copies to the AM IPSU CSR. This will be done by completing Box 1a of Section VI on the Form 14103.

The function employee/liaison will return the Form 14103 to the IPSU CSR with Section V and VI completed via CIS or fax when CIS is not available.

The IPSU CSR is responsible for communicating and reiterating the final decision on the tax related issue to the Identity Theft Victim (Taxpayer) via the 4524C/4524SP letter Identity Theft Assistance Request (ITAR). Standard TAS language will be provided offering the victim (Taxpayer) TAS information if still not satisfied with the function's final decision.

AM IPSU will ensure all actions have posted correctly to the taxpayer's accounts, and close the ITAR controls on AMS. Scan the completed Form 14103 and associate with existing ITAR case.

Upon return of the Form 14103/case from the function, the IPSU will initiate a global account review. Refer to IRM 21.9.2.7, Global Review.

AM CSRs will receive a Form 14103, Identity Theft Assistance Request (ITAR), referral from an IPSU CSR (Andover or Fresno) when they are working to resolve a tax related issue involving identity theft regardless if there is an open control on IDRS or AMS on the case.

The Form 14103 MUST have an acknowledged receipt within 5 business days via secure e-mail or by entering a Case Note on the linked cases on AMS/CIS.

Identity theft cases referred with the Form 14103 are considered priority (similar to a TAS OAR) and must be worked accordingly.

Review Section IV, Specific Assistance Requested, of the Form 14103 and determine whether the recommended action is appropriate and the requested completion date is reasonable.

Once receipt acknowledgment of the Form 14103 has been sent back to the IPSU CSR, and questions and completion dates have been agreed to, convert your case's control from the originally assigned category (IDT1, IDT3, TPRQ, DUPF etc) to IDT9 on AMS/CIS and IDRS. DO NOT CHANGE THE RECEIVED DATE. By using this category code, you will have the ability to track your case on AMS/CIS and your Automated Age Listing (AAL).

The AM CSR assigned to the tax related issue has the responsibility for providing the taxpayer with official closing documents as directed in IRM procedures and providing copies to the AM IPSU CSR.

The AM CSR is required to provide a status update every 30 days to AM IPSU. The status update can be made by:

Once the tax related issue is resolved, and all adjustment actions have been input, the AM CSR will return the Form 14103 to the IPSU CSR with all required fields completed in Section VI.