8/28/2015 In the past few years there has been much news about massive
data breaches at mega-corporations and government agencies. Whether it is
wayward hackers, state-sponsored data thieves, or the 21st century
equivalent of a pickpocket, these incidents are making consumers anxious about
the possibility that their personal information may end up in the hands of
unscrupulous individuals. Their fears are not unfounded. In 2015, the Javelin Strategy
& Research group released
a report indicating that 12.7 million people in America were victims of
identity theft in 2014. Identity theft
has topped
the list of consumer complaints to the Federal Trade Commission for 15
years in a row. The Internal Revenue Service’s Dirty Dozen list, an annual list
of the top tax scams, has consistently seen identity theft in
the top spot for the past few years. In July 2015, the Consumer Federation
of America reported that identity theft is the top fastest-growing complaint for state
and local consumer protection agencies across the country. ID Theft Services are
Big Business Concern about identity theft has led many consumers to buy identity
theft services (click here
for information about these services and what to ask if you are considering
purchasing one). Consumer
Reports estimated that in 2010, 50 million Americans spent $3.5 billion on these
services. This number has likely risen
alongside the number of complaints and data breach incidents. And more and more
people being offered identity theft services for free as a result of data
breaches. IRS Issues Guidance
on Tax Implications To address questions about how free services that are provided
to data breach victims should be dealt with for tax purposes, the IRS recently announced that it: “will not assert that an individual
whose personal information may have been compromised in a data breach must
include in gross income the value of the identity protection services provided
by the organization that experienced the data breach. Additionally, the IRS
will not assert that an employer providing identity protection services to
employees whose personal information may have been compromised in a data breach
of the employer’s (or employer’s agent or service provider’s) recordkeeping
system must include the value of the identity protection services in the
employees’ gross income and wages.” In layman’s terms, the IRS won’t count the value of those services
as taxable income. However, this policy doesn’t apply to individuals who are
paid in cash instead of services, or if identity theft services are provided
outside of the context of a data breach (for instance, if they are provided as
an employee benefit). This IRS announcement also doesn’t apply to identity
theft insurance policy proceeds. The IRS is asking for public comment on the announcement by
October 13. Comments can be made by email to
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
with “Announcement 2015-22” in the subject line or via snail mail to: Internal Revenue Service
CC:PA:LPD:PR (Announcement 2015-22) A personal information safety tip: Don’t include any
personal details that you wouldn’t want shared in the body of your message or letter,
as these comments can be made available to the public. |