[Updated 2020] Tax identity theft is a huge problem in this country. According to the most recent statistics, over 15 million Americans had their identities stolen last year. Just five years ago that number was 9 million per year. So who can we trust to protect us? Unfortunately, not the IRS.
Stories of hackers breaking into business computer systems to steal credit card information and Internet phishing schemes are nothing new. Recently we learned of a fake ATM machine installed in Las Vegas adjacent to a computer hacker convention – and yes some of the hackers were themselves victimized. Now we can add the IRS to the list of places where our personal data is not safe.
A report by the U.S. Government Accountability Office (GAO) says IRS efforts to stop identity theft are woefully inadequate. Since that report was issued, the IRS has made significant strides in reducing identity theft claims but has a long way to go.
The highest year for tax identity theft was 2015 when the IRS reported a staggering 1.4 million returns were confirmed as identity theft incidents. In 2017 that figure dropped to 597,000, a drop of more than 50% in just two years.
The Service also acknowledged it didn’t begin any major effort to detect and thwart identity theft until 2008. A day late and a dollar short? The GAO thinks the Service is years late and tens of millions of dollars short.
Although tax fraud and forgery has always been illegal, Congress passed the Identity Theft and Assumption Deterrence Act in 1998. And the FTC has publicly acknowledged problems with ID theft at the IRS since at least 2004. Why then is the IRS still having such problems? Good question.
The IRS told the GAO that is is considering increasing its identity theft prevention measures for the upcoming filing season but admits it doesn’t have an effective way of measuring how well those procedures are working. And the very privacy laws that supposedly were passed to protect our financial records from disclosure make coordinating with police difficult. In some cases, the IRS balks at working with the victims; instead releasing refunds to the fraudster!
Sound incredible? The GAO found instances of the release of refunds to fraudsters even after the legitimate taxpayer notified the IRS of the identity theft.
Will the government get the problem fixed? Probably yes. But don’t count on it any time soon. Although incidents of tax identity theft are down, criminals are getting more sophisticated.
After years of declining theft rates, we are especially worried about the 2o20 filing season since so many IRS resources have been redirected to the COVID-19 stimulus problems. IRS staffing is way down too with few vacancies being filled.
A recent Forbes article says the IRS prosecuted 649 identity theft cases in 2016. This fiscal year (FY 2018 ended on October 31st), there were only 217 prosecutions, a drop of two-thirds.
How to Fight Tax Identity Theft
Here are several easy and practical tips to avoid tax return identity theft.
First, carefully guard your social security number. Your SSN is what the IRS uses to keep track of your return and any refunds. Most people have their social security number memorized. Assuming you, stop carrying the card.
Once a year you should get an a current statement from the Social Security Administration. Look at it closely for anything that doesn’t make sense
Next another obvious, practice good password hygiene. This means changing passwords frequently, not providing them to others and making sure they are difficult to hack.
Related to good password hygiene is making sure your virus protection is up-to-date and always running in the background. Ditto for checking email attachments for possible malware. If you think you opened a bad link by accident, run a virus scan and change passwords.
While making sure what you are doing online is safe, don’t throw away banks statements and sensitive financial data in the trash. Make sure they are first shredded.
No matter what protective measures you take, data breaches still happen.
If you are a victim, find out what type of information was likely taken. You can place a “fraud alert” on your credit record and use IRS Form 14039, Identity Theft Affidavit to alert the IRS.
Help for Identity Theft Victims
Identity theft is a multibillion dollar problem in the United States. Victims can spend months or years and thousands of dollars cleaning up the mess the thieves have made of a good name and credit record. In the meantime, victims of identity theft may lose job opportunities, be refused loans for education, housing, or cars, and even get arrested for crimes they didn’t commit. Humiliation, anger, and frustration are among the feelings victims experience as they navigate the process of rescuing their identity. Suing the thief, if he or she is even caught, is a possibility but chances are that they have no money. So what can you do?
If the theft of your identity occurs because of the negligence of a third party, there may be plenty that you can do. Banks, utility companies, stores and others who collect and process your credit data have a responsibility to protect and safekeep your information. If they fail to do so, you may be able to recover against them even though they are not the ones who stole or profited from your identity. And if the bank takes too long to fix the problem once they have been notified by you, they may be liable as well.
Mahany Law is a national boutique law firm concentrating in fraud recovery. We typically do not handle identity theft involving taxes or consumer issues*. We will consider individual cases where the actual loss is $5 million or more. ($1 million for losses involving stockbrokers and investment advisors.) Attorney Brian Mahany and his team of investigators, forensic accountants and lawyers have helped recover billions of dollars for victims of fraud.
Contact us by email , online or by phone at 202-800-9791. You can also visit our investment fraud recovery page. Most services are billed on an hourly basis although sometimes we will consider contingent or hybrid fee arrangements.
*We do represent company insiders (whistleblowers) with information about corporate data breaches.