The Internal Revenue Service Did Not Identify and Assist All Individuals Potentially Affected by the Get Transcript Application Data Breach

The Commissioner, Wage and Investment Division, should ensure that additional evaluative methods are implemented to identify all individuals affected by the Get Transcript application breach and that procedures are developed based on this breach to assist the IRS in responding to any future related data breaches.

Once analysis of the 620,931 suspicious account accesses is complete, the Commissioner, Wage and Investment Division, should issue notification Letter 4281-G to the taxpayers whose accounts were potentially targeted by unauthorized individuals and place identity theft incident markers on the accounts of taxpayers whose accounts do not have the marker.

The Commissioner, Wage and Investment Division, should ensure that all appropriate authentication system error codes are included when responding to any future data breaches so that all potentially fraudulent accesses are captured and analyzed to properly identify all individuals affected by the breach.

The Commissioner, Wage and Investment Division, should ensure that the 2,470 individuals identified by TIGTA are mailed Letter 4281-B.

The Commissioner, Wage and Investment Division, should ensure that required identity theft incident markers are placed on the tax accounts of the 44 taxpayers affected by the Get Transcript application breach.