
Reporting Improper Inspections or Disclosures

Upon discovering a possible improper inspection or disclosure of FTI, including breaches and security incidents, by a federal employee, a state employee, or any other person, the individual making the observation or receiving information must contact the office of the appropriate special agent-in-charge, TIGTA, immediately, but no later than 24 hours after identification of a possible issue involving FTI. Call the local TIGTA Field Division Office first.
 

TIGTA Field Division Information

| TIGTA Field Division | States Served by Field Division | Telephone Number |
|---|---|---|
| Atlanta | Alabama, Florida, Georgia, North Carolina, South Carolina, Tennessee, Puerto Rico, and U.S. Virgin Islands | 470-639-3792 |
| Mid-states | Arkansas, Illinois, Iowa, Kansas, Louisiana, Michigan, Minnesota, Mississippi, Missouri, Nebraska, North Dakota, South Dakota, Wisconsin, Northern Ohio, Oklahoma, Texas | 713-209-3711 |
| Denver | Alaska, Arizona, Colorado, Idaho, Montana, New Mexico, Nevada, Oregon, Utah, Washington, Wyoming | 801-620-7734 |
| New York | Connecticut, Maine, Massachusetts, New Hampshire, New York, Rhode Island, and Vermont | 917-408-5640 |
| San Francisco | California, Hawaii, Guam, American Samoa, Commonwealth of Northern Mariana Islands, Trust Territory of the Pacific Islands | 213-576-4147 |
| Washington | Delaware, Indiana, Kentucky, Martinsburg Computing Center, Maryland, New Jersey, Pennsylvania, Southern Ohio, Virginia, West Virginia, Washington, DC | 215-861-1003 |
| Electronic Crimes & Intelligence Division | Any agency reporting a cyber-incident such as a data breach may report directly to this division | 240-613-5230; cybercrimes@tigta.tres.gov |

 

If unable to contact the local TIGTA Field Division, contact the Hotline Number.

Hotline Number: 800-589-3718

Online: https://www.treasury.gov/tigta

Mailing Address:
Treasury Inspector General for Tax Administration
Ben Franklin Station
P.O. Box 589
Washington, DC 20044-0589

In conjunction with contacting TIGTA, the Office of Safeguards must be notified.  (See Pub. 1075, Section 10.2, Office of Safeguards Notification Process)

Office of Safeguards Notification Process

Concurrently with notifying TIGTA, the agency must notify the Office of Safeguards by email to the Safeguards mailbox, safeguardreports@irs.gov. To notify the Office of Safeguards, the agency must document the specifics of the incident known at that time in a data incident report, including but not limited to:

  • Name of agency and agency Point of Contact for resolving data incident with contact information
  • Date and time the incident occurred
  • Date and time the incident was discovered
  • How the incident was discovered
  • Description of the incident and the data involved, including specific data elements, if known
  • Potential number of FTI records involved; if unknown, provide a range if possible
  • Address where the incident occurred
  • IT involved (e.g., laptop, server, mainframe)

Reports must be sent electronically and encrypted via IRS-approved encryption techniques. Use the term "data incident report" in the subject line of the email. Do not include any FTI in the data incident report.

Even if all information is not available, immediate notification is the most important factor, not the completeness of the data incident report. Additional information must be provided to the Office of Safeguards as soon as it is available.

The agency will cooperate with TIGTA and Office of Safeguards investigators, providing data and access as needed to determine the facts and circumstances of the incident.

Incident Response Procedures
The agency must not wait to conduct an internal investigation to determine if FTI was involved in an unauthorized disclosure or data breach. If FTI may have been involved, the agency must contact TIGTA and the IRS immediately.

Incident response policies and procedures required in Section 9.3.8, Incident Response, must be used when responding to an identified unauthorized disclosure or data breach incident.

The Office of Safeguards will coordinate with the agency regarding appropriate follow-up actions required to be taken by the agency to ensure continued protection of FTI. Once the incident has been addressed, the agency will conduct a post-incident review to ensure the incident response policies and procedures provide adequate guidance. Any identified deficiencies in the incident response policies and procedures should be resolved immediately. Additional training on any changes to the incident response policies and procedures should be provided to all employees, including contractors and consolidated data center employees, immediately.

Incident Response Notification to Impacted Individuals
Notification to impacted individuals regarding an unauthorized disclosure or data breach incident is based upon the agency’s internal incident response policy since the FTI is within the agency’s possession or control.

However, the agency must inform the Office of Safeguards of notification activities undertaken before release to the impacted individuals. In addition, the agency must inform the Office of Safeguards of any pending media releases, including sharing the text, prior to distribution.

FTI Suspension, Termination, and Administrative Review
The federal tax regulation 26 CFR 301.6103(p)(7)-1 establishes a process for the suspension or termination of FTI and an administrative review if an authorized recipient has failed to safeguard returns or return information. For more information, refer to Exhibit 3, U.S.C Title 26, CFR 301.6103(p)(7)-1.
 


Page Last Reviewed or Updated: 18-Jul-2016