Lindsey NolanThe national tax system experiences extreme challenges with data theft. Identity theft is the top complaint filed with the Federal Trade Commission, occurring every two seconds in the United States. The financial burden of identity theft now exceeds all other property crimes combined, making it a top criminal investigative priority. Keep in mind – not all data theft is identity theft, and not all identity theft is related to the filing of fraudulent tax returns.

IRS Commissioner John Koskinen has revealed these facts:

  • 100 million+ Social Security Numbers (SSNs) were stolen in 2015
  • 104,000+ taxpayer accounts had been compromised by hackers as of June 2015
  • 220,000+ taxpayers have been offered credit protection and an Identity Protection PIN
  • 19 million suspicious returns were reviewed between 2011-2014
  • $63 billion fraudulent refunds were rejected between 2011-2014
  • Nearly 1,800 investigations were initiated in the last two years; over 1,500 of these led to prison sentences

The IRS has taken more precautionary measures in recent years and improved cooperation with law enforcement. Pre-refund fraud filters have increased from 11 in 2012 to 200 in 2015. Direct deposits are now limited to three refunds into a single bank account. Electronic Filing Identification Number (EFIN) policies have been improved to prevent abuse; the IRS encourages preparers to monitor their number of returns filed using their EFIN to be able to detect any excessive use. Internal use of SSNs has been reduced, and prisoner tax fraud has also steadily declined. Nearly 29 million deceased taxpayer accounts have been locked to avoid further activity. The IRS has worked with 286 financial institutions in the past three years to identify fraudulent refunds; $3 billion worth of refunds were recovered this way. More than 20 new data elements were added to the filing verification process in an effort to limit fraud.

Tax return preparers are prime targets for fraudsters seeking personal and financial data. We are trained to treat this information like cash – don’t leave it lying around – and you should follow this same guideline too. The Internal Revenue Code imposes criminal and monetary penalties for anyone knowingly or recklessly making unauthorized disclosures. Types of scams that can lead to data loss include: phishing emails, fake phone calls, embedded text messages, Wi-Fi breaches, and bugged software. Forward IRS-related scam emails to [email protected] and report IRS-impersonation calls at

Employers can do their part in reducing fraud risk as well. The following is a list of ways to address potential theft in the workplace:

  • educate employees
  • hire additional staff
  • immediately notify clients if a data breach occurs
  • obtain credit protection services
  • ensure good insurance policies
  • create strict password standards
  • use top-rated security software
  • protect wireless connections
  • backup taxpayer data on external hard drive with limited access
  • set up automatic shutdown of company computers

If you or your firm experiences taxpayer data loss, call your local stakeholder liaison listed on the IRS website ( They will note your account, alert major credit bureaus, notify appropriate authorities, and help determine whether an investigation should be launched. The IRS is working hard with state officials, tax software providers, and tax preparers to combat the threat of compromised information. Cybercriminals are constantly evolving, but the IRS is also making progress. Remember the IRS will only initiate contact with you regarding a tax matter via mail, not any type of electronic communication. If you are concerned you may have suffered identity theft, contact your KT representative for assistance.