Forbes.com 

The IRS has filed an amended statement on the ‘Get Transcript’ hack — which reports that 700,000 U.S. taxpayer accounts were accessed or targeted, and 47 million transcripts have been ordered to date.

In January 2014, Get Transcript launched on the IRS website. The application enabled taxpayers to view and download their transcript or order previous years of tax filing information.

On May 26, 2015, the IRS announced it had discovered that cyber criminals — using taxpayer information stolen elsewhere — accessed the Get Transcript application on IRS.gov. The IRS identified approximately 225,000 taxpayers whose transcripts had been accessed or targeted. In August 2015, the IRS announced it had identified approximately 390,000 additional taxpayer transcripts which had been access or targeted – which brought the total number of hacked accounts to 615,000.

The Treasury Inspector General for Tax Administration conducted a nine-month long investigation looking back to the launch of the application in January 2014 for additional suspicious activity – which led to the amended reporting of approximately 700,000 hacked accounts to date.

The IRS is notifying the hacked taxpayers by mail — informing that they have been victims and cyber thieves may have their personal information, and providing guidance.

“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”

The online viewing and download feature of “Get Transcript” has been suspended since May 2015. The IRS is working to restore that part of the service with enhanced security to protect taxpayer identities.

Post-hack reporting by the U.S. government usually gets worse over time. When OPM was hacked, the first reported numbers indicated four million people had their personal information exposed. The final tally was nearly 22 million.

The IRS has filed an amended statement on the ‘Get Transcript’ hack — which reports that 700,000 U.S. taxpayer accounts were accessed or targeted, and 47 million transcripts have been ordered to date.

In January 2014, Get Transcript launched on the IRS website. The application enabled taxpayers to view and download their transcript or order previous years of tax filing information.

On May 26, 2015, the IRS announced it had discovered that cyber criminals — using taxpayer information stolen elsewhere — accessed the Get Transcript application on IRS.gov. The IRS identified approximately 225,000 taxpayers whose transcripts had been accessed or targeted. In August 2015, the IRS announced it had identified approximately 390,000 additional taxpayer transcripts which had been access or targeted – which brought the total number of hacked accounts to 615,000.

The Treasury Inspector General for Tax Administration conducted a nine-month long investigation looking back to the launch of the application in January 2014 for additional suspicious activity – which led to the amended reporting of approximately 700,000 hacked accounts to date.

The IRS is notifying the hacked taxpayers by mail — informing that they have been victims and cyber thieves may have their personal information, and providing guidance.

“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”

The online viewing and download feature of “Get Transcript” has been suspended since May 2015. The IRS is working to restore that part of the service with enhanced security to protect taxpayer identities.

Post-hack reporting by the U.S. government usually gets worse over time. When OPM was hacked, the first reported numbers indicated four million people had their personal information exposed. The final tally was nearly 22 million.

Steve Jobs understood what people want. His insistence on making hard things easier — for instance, using a personal computer — was an essential part of the Apple success story. Apple CEO Tim Cook has been doing the same thing — but now the “hard thing” is privacy and encryption.

Apple has consistently earned top marks for its privacy and data security policies. That said, since the San Bernardino shooting, which left 14 dead and 22 seriously injured, the company’s privacy-first approach has been experiencing a sort of baptism by fire.

Much debate has arisen around the encryption on San Bernardino shooter Syed Rizwan Farook’s iPhone 5C. Shortly after the shooting, the iCloud password associated with Farook’s phone was reset by a law enforcement officer attempting to gather information.

The snafu purportedly eliminated the opportunity for any information on the phone to auto backup onto the cloud when the device was used on a recognized Wi-Fi network. This information could have then been retrieved.

According to ABC News, the last time Farook’s phone had been backed up was Oct. 19, 2015 — a month and a half before the attack. According to court documents, this fact suggested, “Farook may have disabled the automatic iCloud backup function to hide evidence.”

Apple provided the FBI with the iCloud backups prior to Oct. 19. But the government wanted access to the phone, at least partially to discern if Farook had any terrorist ties. And, to get to it, the FBI asked Apple to reverse a feature that erases an iPhone’s data after 10 failed attempts to unlock it. If Apple did so, the government could use software to guess Farook’s passcode.

The FBI argued its reset of Farook’s password should not prevent Apple from honoring this request.

“It is unknown whether an additional iCloud backup of the phone after that date — if one had been technically possible — would have yielded any data,” the agency said in a statement. “Direct data extraction from an iOS device often provides more data than an iCloud backup contains.”

And, last week, a federal court ordered Apple to develop a custom iOS so the FBI could gain access to the phone. Apple is refusing to comply with the court order.

“Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” CEO Tim Cook said in an open letter to Apple customers. “And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

What’s at Stake

Consumer awareness around privacy and encryption has gained traction, following Edward Snowden’s revelations regarding the scope of government surveillance practices at the National Security Agency. Still, the public’s response to Apple’s current plight remains divided.

While some pundits, commentators and high-profile figures have argued the FBI should be able to access phone records in cases where national security may be at risk, others have come to Cook’s defense, arguing he is right to protect Apple customers. I, too, believe he is right to stand his ground here. In an environment where many companies would allow law enforcement to access private information, Apple is standing up for consumers and suggesting they can no longer tolerate routine incursions into their private lives — whether the so-called trespassers hail from the halls of government or invade in the interest of commerce.

To create an iOS or any other kind of backdoor into a personal device creates moral hazard. The potato chip theory applies to law enforcement and the erosion of the constitutional rights guaranteed to all U.S. citizens. One potato chip leads to another, and it’s hard to stop eating them. In the same way, one legal mulligan leads to another.

There has to be a point in the evolution of consumer privacy (or its disintegration) where we can no longer lower our standards as fast as our situation is deteriorating. When it comes to our privacy we really have to stand firm — and Tim Cook is doing that.

Executive Director of the Privacy and Big Data Institute at Ryerson University Ann Cavoukian long ago coined the phrase “Privacy by Design” to describe what’s starting to happen in the U.S. marketplace. Her theory was that consumers will start shopping for the best deals on their privacy — the less personal information required by a potential service or product, the more appealing it will be to the consumer.

So in that regard, the Justice Department is right to suggest, as it did last week that Apple is trying to protect its “public brand marketing strategy.” But in this instance, the strategy is consumer advocacy — nothing more or less. Privacy is not a brand. It is a right. And, contrary to popular belief, it’s no longer particularly hard, either. Apple’s strategy is to provide a useable product that is safe — and protects users against a potential war on their privacy.

This story, which originally appeared as an Op/Ed contribution on Credit.com, does not necessarily represent the views of the company or its partners.

 

Identity theft is the fastest growing crime and consumer complaint in America, and benefit industry experts say concerned employees are seeking protection as an employer perk more than ever. New regulatory certainty about how identity theft protection benefits are taxed could increase the popularity of the benefit as an employer offering. 

More than 13 million Americans fall victim to identity theft every year, which means every three seconds someone's identity is stolen. Increased concern about the crime has individuals clamoring for identity theft protection benefits. How that benefit would be taxed, however, had been a topic of some debate in the benefit industry, with some employers eager to offer the benefit but concerned about the impact on employee income taxes.

Just before the new year, the Internal Revenue Service announced some good news and cleared the confusion, further incenting employers to offer the perk to employees.

In its Dec. 30 announcement, the IRS said it will allow preferential tax treatment for employer-provided identity theft benefits, despite the absence of a data breach. Generally, all benefits provided to an employee by an employer must be treated as income, unless the Code provides an exclusion. Previous guidance from the IRS created an exclusion for identity protection services, but only after a breach and only for individuals whose personal information might have been compromised.

“Identity theft coverage is growing in popularity as an employee benefit and being requested by clients more now than it ever has in the past in light of recent data breaches.  Standalone ID theft and legal carriers are also enhancing the features of their plans and reducing the cost on the group market to meet market demand. The clarification from the IRS regarding the taxability of this benefit is only going to drive sales of this product even more,” says Heather Garbers, vice president of Voluntary Benefits & Technology for Hub International’s western region. “We project this to be our fastest growing product in 2016 due to these reasons.”

“We view identity theft as a threat that will affect likely affect all of us throughout our lives and identity theft coverage will be a key benefit to have to identify data breaches earlier and make the process to restore identities less of a burden on the employees taking them less time away from the workplace,” she adds.The IRS’s latest announcement notes that several commenters requested guidance regarding the tax treatment of identity protection services provided before a data breach. According to the commenters, these services are being provided with increasing frequency in order to allow early detection of data breaches and minimize the impact of breaches when they occur. In response, the IRS has concluded that its previous guidance should be extended.

“The IRS will not assert that an individual must include in gross income the value of identity protection services provided by the individual’s employer or by another organization to which the individual provided personal information (for example, name, social security number, or banking or credit account numbers). Additionally, the IRS will not assert that an employer providing identity protection services to its employees must include the value of the identity protection services in the employees’ gross income and wages. The IRS also will not assert that these amounts must be reported on an information return (such as Form W-2 or Form 1099-MISC) filed with respect to such individuals,” the guidance states.

Any further guidance on the taxability of these benefits will be applied prospectively, it adds. “This guidance is welcome news for employers that want to offer identity protection services to employees as part of their data security strategy. They may now offer these services without increasing their (or their employees’) federal tax liability.  However, employers should be mindful of state and/or local tax laws as they may differ from federal tax law,” according to Tzvia Feiertag, a senior associate in the Labor & Employment Law Department of the global law firm Proskauer.

The preferential tax treatment does not apply to cash received in lieu of identity protection services or to proceeds received under an existing identity theft insurance policy, the guidance says. 

Article By Melissa A. Winn From Employee Benefit News

January 20, 2016 Web Article