Data breach: Implications for tax season?
A compromised Social Security number (SSN) can have far-reaching financial or credit implications in the event of identity theft, including filing concerns come Tax Day.
In cases of fraudulent tax return filings, it causes a delay in issuing refunds and is a major disruption for victims.
As of Jan. 23, the Internal Revenue Service (IRS) began accepting tax returns with more than 153 million individual federal returns expected to be filed before this year's deadline of April 18. However, early filing doesn't always mean a quicker refund—and it's due to the threat of identity theft.
Precipitated by the growing threat of tax refund fraud, a public-private tax industry initiative reported success last year with a nearly 50 percent drop in IRS affidavits filed by identity theft victims through September 2016. Still, some 787,000 fraudulent tax returns made it to the IRS' tax processing system before being nixed.
Tax-related identity theft occurs when someone uses another individual's SSN to file a tax return, claiming a fraudulent refund. Often people are unaware this has happened until they e-file and discover that their SSN has already been used to file a return, or the IRS issues a mailed notification of a suspicious return, according to the agency.
Several warning signs of tax-related identity theft, include:
- Multiple tax returns filed under one SSN
- Owing additional tax, refund offset or had collection actions taken for a year that a tax return wasn't filed
- IRS records indicate received wages or other income from an employer for whom the taxpayer did not work
Taxpayers are most at risk when stolen information includes both an SSN and financial data, such as wages. However, cybertheft involving credit card numbers or drivers' license numbers alone will not affect a tax account. Generally, the IRS states that not every data breach results in identity theft and not every identity theft is tax-related identity theft.
Should taxpayers suspect tax-related identity theft, or the IRS issues a letter indicating a problem, contact the IRS immediately. If taxpayers receive IRS correspondence indicating tax-related identity theft or the rejection of an e-file tax return as a duplicate, take these steps with the IRS:
- Respond immediately to the IRS notice
- Submit an IRS Form 14039, the Identity Theft Affidavit, only if a compromised SSN resulted in a duplicate e-file return, or the IRS notifies the taxpayer of tax-related identity theft
- Continue to file a tax return, even if that means a paper filing, and attach the Form 14039
- Respond quickly to IRS follow-up correspondence
Take note that the IRS will not contact taxpayers via email, text message or social media, to request personal or financial information. The IRS also may be contacted for specialized assistance at 1.800.908.4490
Mike Stokes, J.D., AOA general counsel, suggests AOA members or students impacted by the profession's ongoing data breach consider several Federal Trade Commission (FTC) precautions that could minimize the threat of tax-related identity theft. These precautions include filing your tax return early in the tax season, using a secure internet connection to file electronically or checking annual credit reports yearly to make sure no other accounts have been opened in your name.
"The IRS will eventually sort out the facts in cases of fraudulent tax return filings, but it causes a delay in issuing refunds and is a major disruption for victims," Stokes says. "It makes sense to take steps to reduce your chances of being victimized, or in this particular situation, victimized a second time."
AOA continues to advocate for data privacy, data breach resolution
The profession continues to contend with a data breach dogging countless doctors and optometry students since this past fall when reports of unsolicited, fraudulent applications for Chase Amazon.com Visa cards came to light. At the direction of the AOA's Board of Trustees, the AOA apprised federal authorities of the breach, including the U.S. Attorney General's Office (member login required) and Department of Justice. Additionally, the AOA called for a united front among affiliates and others, asking optometric testing organizations and state boards of optometry to immediately discontinue use of SSNs as personal identifiers. This petition resulted in the National Board of Examiners in Optometry (NBEO) eliminating the use of SSNs in favor of "OE Tracker numbers."
As of Jan. 26, the NBEO announced its own months-long investigation into its systems found no evidence of compromised personal information.
To date, the source of the breach is still unknown. The AOA continues to closely follow this situation and will provide updates when possible.
Click here to learn more about protecting your identity, even if you haven't been affected by this breach.