Data Breach of Your Personally Identifiable Information

A data breach is the intentional or unintentional release or theft of secure information. It can be the improper disposal of personally identifiable information in the trash or a sophisticated cyber-attack on corporate computers by criminals. It can affect companies large or small.

The one common link is the victim, the person whose identity, financial or personal information has been compromised.

Here’s what you should know about data breaches:

Not every data breach will result in identity theft, and not every identity theft is tax-related identity theft.

Tax-related identity theft is when someone uses your Social Security number to file a false tax return claiming a fraudulent refund. Your tax account is most at risk if the data breach involves both your SSN and financial data, such as wages. Data breaches involving just credit card numbers, health records without SSNs or even drivers’ license numbers, while certainly serious, will not affect your tax account. 

The Internal Revenue Service is committed to working with taxpayers to ensure that all federal tax accounts remain secure. You should contact your state taxing authority if you suspect your state tax account was compromised.

The IRS stops most fraudulent tax returns. If fraud is suspected during processing, the IRS will contact you via mail with instructions. You could identify potential identity theft if you attempt to file electronically and your return is rejected, and if you are advised that the social security number cannot be used to file electronically as it has already been used. 

If you are a data breach victim, take these steps:

  1. If possible, determine what type of Personally Identifiable Information (PII) has been lost or stolen. It is important to know what kind of information has been stolen so you can take the appropriate steps. For example, a stolen credit card number will not affect your IRS tax account.
  2. Stay informed about the steps being taken by the company that lost your data. Some may offer special services, such as credit monitoring services, to assist victims.
  3. Follow the Federal Trade Commission recommended steps, including:
    • Notify one of the three major credit bureaus to place a fraud alert on your credit file;
    • Consider a credit freeze, which will prevent access to your credit records;
    • Close any accounts opened without your permission.
    • Visit www.identitytheft.gov for additional guidance.
  4. If you received IRS correspondence indicating you may be a victim of tax-related identity theft or your e-file tax return was rejected as a duplicate, take these additional steps with the IRS:
    • You can submit an IRS Form 14039, Identity Theft Affidavit online and
    • Continue to file your tax return, even if you must do so by paper. You can complete and attach the Form 14039PDF and submit it with your paper tax return if you do not submit it online.  Only use one method to submit the Form14039, do not submit the form more than once.
    • Watch for any follow-up correspondence from the IRS and respond quickly.

Who should file a Form 14039?

This form should be used if your Social Security number has been compromised and IRS has informed you that you may be a victim of identity theft tax fraud, or your e-file return was rejected as a duplicate. The Form 14039 is available at IRS.gov. Follow the instructions exactly. You can submit the form online, or you can complete the fillable form to fax or mail. If you were prevented from filing, you can submit the form with your paper tax return if someone else has already filed a return using your SSN. You only need to file it once. If your return was rejected due to someone claiming your dependent’s social security number, you will need to file a separate Form 14039 for them. You will not be able to file electronically and will need to submit a paper return. Additional information on what to do when you suspect dependent identity theft can be found at What to do when someone fraudulently claims your dependent.

Additional Information