Haven’t Victims of Data Breaches Been Taxed Enough?

castle-979597_960_720During the 2014 tax season we were all reminded, almost on a daily basis, about the numerous data breaches that occurred. It seemed that the identity of every taxpayer was at risk. Private industry had data breaches as did the federal government with one of the most massive data breaches occurring at the IRS.

This is made clear in a recent article in Accounting Today, “Data breaches have been a growing problem in private industry and the federal government, including the IRS, which revealed in May that organized criminals had used its online Get Transcript application to access the tax returns of an estimated 104,000 taxpayers 

Now, it appears that the IRS seems to think they are doing individuals and businesses a big favor by merely considering not to tax either on payments made to the companies that serve those who’ve had their identities stolen in the numerous data breaches. According to Accounting Today, “Despite the efforts of many businesses, government agencies and other organizations, data breaches and computer hacking can expose the personal information of employees and customers to identity thieves. In response to such data breaches, the IRS noted that organizations often provide credit reporting and monitoring services, identity theft insurance policies, identity restoration services, or similar services to their customers, employees and other individuals whose personal information may have been compromised as a result of a data breach. These identity protection services aim to prevent and mitigate losses due to identity theft resulting from the data breach.” 

The article continues, making it seem as though the IRS is trying to be reassuring, “The Internal Revenue Service said it will not assert that an individual whose personal information may have been compromised in a data breach must include in gross income the value of the identity protection services provided by the organization that experienced the data breach.”

The very fact that the IRS is putting time and resources into pondering whether or not taxpayers should be taxed on recovering their identities and reputations as responsible citizens is disconcerting. It would appear the IRS might want to place all of their limited resources due to massive budget cuts toward correcting the problem that allowed their systems to be breached in the first place. And, they might be better served by making efforts to ease the burden of those taxpayers who were treated like criminals while the criminals were treated like innocent taxpayers whose identities they stole.

And as it turns out, the pondering continues as the Accounting Today article reports that, “However, questions have been raised concerning the taxability of identity protection services provided at no cost to customers, employees or other individuals whose personal information may have been compromised in a data breach. The IRS’s existing guidance has not specifically addressed these questions.”

So, the fact of the matter is that no one knows what stand the IRS will take on that item. Taxable or not taxable, that is the question. Meanwhile the data breaches go on promising to disrupt many more lives in the 2015 tax season and beyond.