In a move highlighting the growing threat of data breaches, a former Internal Revenue Service (IRS) contractor, Charles Littlejohn, was sentenced to five years in prison in January 2024 for stealing tax information in what is considered the largest documented data theft in IRS history. This breach exposed the financial data of thousands of wealthy Americans between 2018 and 2020.
This incident underscores the vulnerability of personal information and the potential consequences for those affected. However, the sentence some consider lenient, a five-year term with a $5,000 fine, has spurred lawmakers to action.
House Republicans Propose Increased Penalties
Responding to the perceived inadequacy of the current penalties, Republicans within the House Ways and Means Committee introduced the Taxpayer Data Protection Act (HR 8292). This legislation aims to significantly increase the punishment for unauthorized disclosure of tax information.
The proposed bill would raise the maximum fine from $5,000 to $250,000 and extend the potential prison sentence from five to ten years. This stricter legislation reflects the severity of compromising sensitive financial information.
What Taxpayers Need to Know
The IRS is currently notifying affected taxpayers, but the extent of the damage remains unclear. This incident serves as a stark reminder that protecting your personal information is crucial. Here’s what taxpayers should do:
- Be Aware of the Risks: The IRS data theft by Littlejohn is similar to more recent events like the AT&T data breach, which occurred in April 2024. In both instances, basic information like full name, Social Security number and date of birth were compromised, highlighting how easily criminals can exploit stolen data to file fraudulent tax returns.
- Protect Yourself with an Identity Protection PIN (PIN): Taxpayers should consider applying for an Identity Protection PIN, which is a unique number provided by the IRS annually that is required to file your tax return. This extra layer of security makes it much harder for someone to use your information fraudulently. You can easily apply for an Identity Protection PIN here.
- Freeze Your Credit: Considering that data breaches are becoming increasingly common, freezing your credit with the three major bureaus (Equifax, Experian, and TransUnion) is a highly recommended step. This essentially puts a lock on your credit report, preventing unauthorized access for fraudulent activities. Freezing and unfreezing your credit can be done online, often within a 10-minute window, and allows temporary access for legitimate loan applications.
Stay Vigilant and Take Action
While the taxpayer is not liable for fraudulent tax returns, it is important to note that the standard response time by the IRS is several months. However, due to backlogs and other general staffing issues, taxpayers may experience much longer than normal delays in response. Also, while the IRS does have systems in place to flag potential fraudulent returns, it is possible that a fraudulent return could be missed. In other instances, if multiple returns are filed (i.e., one legitimate and one fraudulent), usually they process the return they received first, which may further complicate the process. By remaining vigilant and taking the right proactive and precautionary steps, taxpayers can significantly reduce the risk of identity theft and minimize the impact of such breaches. Windham Brannon’s Tax Practice and Cybersecurity Practice can help taxpayers understand their risk and make smart decisions to protect their valuable personal data. For more information, reach out to your Windham Brannon advisor today, or contact Doug Neal and Al Tanju.
