A data breach is the intentional or unintentional release or theft of secure information. It can be the improper disposal of personally identifiable information in the trash or a sophisticated cyber-attack on corporate computers by criminals. It can affect companies large or small.
The one common link is the victim, the person whose identity, financial or personal information has been compromised.
Here’s what you should know about data breaches:
Not every data breach results in identity theft, and not every identity theft is tax-related identity theft.
Tax-related identity theft is when someone uses your Social Security number to file a false tax return claiming a fraudulent refund. Your tax account is most at risk if the data breach involves both your SSN and financial data, such as wages. Data breaches involving just credit card numbers, health records without SSNs or even drivers’ license numbers, while certainly serious, will not affect your tax account.
The Internal Revenue Service is committed to working with taxpayers to ensure that all tax accounts remain secure.
The IRS stops the vast majority of fraudulent tax returns. If fraud is suspected, the IRS will contact you via mail with instructions. Or, you may attempt to file electronically and your return is rejected as a duplicate.
If you are a data breach victim, take these steps:
- If possible, determine what type of Personally Identifiable Information (PII) has been lost or stolen. It is important to know what kind of information has been stolen so you can take the appropriate steps. For example, a stolen credit card number will not affect your IRS tax account.
- Stay informed about the steps being taken by the company that lost your data. Some may offer special services, such as credit monitoring services, to assist victims.
- Follow the Federal Trade Commission recommended steps, including:
- Notify one of the three major credit bureaus to place a free fraud alert on your credit file;
- Consider a credit freeze, which, for a fee in some states, will prevent access to your credit records;
- Close any accounts opened without your permission;
- Visit www.identitytheft.gov for additional guidance.
- If you received IRS correspondence indicating you may be a victim of tax-related identity theft or your e-file tax return was rejected as a duplicate, take these additional steps with the IRS:
- Submit an IRS Form 14039, Identity Theft Affidavit
- Continue to file your tax return, even if you must do so by paper, and attach the Form 14039
- Watch for any follow-up correspondence from the IRS and respond quickly.
Who should file a Form 14039?
This form should be used if your Social Security number has been compromised and IRS has informed you that you may be a victim of identity theft tax fraud or your e-file return was rejected as a duplicate. The fillable form is available at IRS.gov. Follow the instructions exactly. You can fax or mail it or submit it with your paper tax return if you have been prevented from filing because someone else has already filed a return using your SSN. You only need to file it once.