The IRS recently sent out another round of notices (CP 118) to taxpayers whose information was stolen in a data breach involving an agency contractor. While some of this data leak became public when certain high-profile individuals’ tax returns were disclosed in the media, the full extent of the breach was only recently determined. The IRS is continuing to notify impacted taxpayers as more information becomes available.
What Happened?
Between 2018 and 2020, an IRS contractor unlawfully accessed and stole tax return information from an estimated 100,000 individuals and businesses. The stolen data included full tax returns, as well as information such as K-1 forms issued from partnerships or S-Corporations. The breach appears to have primarily affected high-net-worth taxpayers and business owners.
The IRS has sent out notices in multiple waves:
- January 2024: The first set of letters (Letter 6613-A) was issued.
- April 2024: A second wave of notifications was sent to affected businesses.
- December 2024: The latest batch of IRS notices (CP 118) started to be mailed out.
These notices do not specify what specific information was compromised but confirm that some taxpayer data was accessed without authorization.
What Should You Do If You Receive a CP 118 Notice?
If you receive a notice from the IRS regarding this breach, here are the recommended steps to protect yourself:
- Review the Notice Carefully
- While the letter won’t provide granular details on what was accessed, it confirms that your tax information was compromised.
- Keep the notice for your records and forward to your tax team.
- Monitor Your IRS Account
- Log into your IRS Online Account (www.irs.gov) to check for any unauthorized activity.
- Review past filings and watch for unfamiliar notices from the IRS. Forward any notices to your tax team so they can review and help identify suspicious activity.
- Request an IRS Identity Protection PIN (IP PIN)
- An IP PIN is a unique six-digit number that prevents unauthorized tax filings under your Social Security number.
- You can obtain one via the IRS website: Get an IP PIN.
- Monitor Your Credit and Place Fraud Alerts
- Contact one of the major credit bureaus to place a fraud alert on your credit file:
– Equifax: 1-800-525-6285 | www.equifax.com
– Experian: 1-888-397-3742 | www.experian.com
– TransUnion: 1-800-680-7289 | www.transunion.com
- Contact one of the major credit bureaus to place a fraud alert on your credit file:
- File Your Taxes Early
- Filing as soon as possible each year helps prevent fraudsters from submitting a fraudulent return in your name before you do.
- Beware of IRS Scams
- The IRS will never contact you via email, text, or phone for sensitive tax matters.
- If you receive a suspicious message claiming to be from the IRS, do not respond, report it to the IRS directly at 1-800-829-1040.
Final Thoughts
The IRS breach is a stark reminder that taxpayer data security is critical,and no organization can provide absolute protection of personal information. Taking proactive steps to safeguard your financial identity is crucial.
If you have concerns about your tax security or need guidance on next steps, please feel free to reach out to our office.
No comments found.