Why the IRS Won’t Tell Fraud Victims What Identity Thieves Stole

(Bloomberg) Tim Loo learned early this year that his name and Social Security number had made their way onto a fraudulent tax return, and immediately wondered whether the identity thief might also have his bank-account details or his kids’ Social Security numbers.

To survey the extent of the damage, Loo asked the Internal Revenue Service for a copy of the bogus return. It refused. TurboTax, whose tax-filing software the criminals had used, told him they couldn’t share the fake return with him either, for “privacy reasons.”

The Boston-based physician wondered: Whose privacy?

Loo is among the ranks of U.S. taxpayers—several million and rising sharply—who have had returns falsely filed in their name in recent years. New consumer-protection rules were supposed to make it easier for people like him to figure out what thieves have stolen. But there’s a catch: Other IRS rules encourage its workers to keep a tight grip on the bum returns. Employees face the specter of felony charges for giving out private details—including, possibly, those of the identity thieves—to those who aren’t authorized.

“It’s a shocker finding out that information can be stolen,” Loo said. “But the real frustration is with trying to get the information that you need to manage the situation.”

Neither the IRS nor Intuit Inc., the maker of TurboTax, track how many people have sought the returns wrongly filed in their names, much less how many of those have been turned down.

Millions of Returns
But the potential pool is big. About 2.4 million U.S. taxpayers’ names or Social Security numbers appeared in falsified returns in 2013, the most recent year available, according to a March report from the Treasury’s Inspector General for Tax Administration. That’s a nearly tenfold increase from 2010, according to the inspector general’s study.

That steep rise came even before the wave of fraudulent returns that prompted TurboTax, one of the largest tax-preparation firms in the world, to suspend filing state forms for customers in February.
In 2013, the IRS estimates it paid out about $5.8 billion on returns it later determined were fraudulent, and prevented more than four times that amount.

The IRS is careful not to release documents that could inadvertently include others’ private information, it said in a statement. The agency also works—with victims’ consent—with law enforcement agencies, which requested copies of nearly 7,000 returns last year, according to the e-mailed statement.

Fraud victims can get a copy of the return from TurboTax after submitting a written request and verifying their identity, said Julie Miller, a spokeswoman for Intuit. Of Loo’s situation, Miller said by e-mail: “He may have connected with an agent(s) who was not familiar with our policy.”

IRS Letter
Loo’s troubles started earlier this year, he said, when the IRS sent him a letter saying that his 2014 taxes had been filed in February. At that point, neither he nor his spouse had filed, he said.

Loo, who said he has been using the desktop version of TurboTax for five years, wanted to know whether the returns included his details that would require him to conduct further identity-scrubbing, he said. For months, he paid visits to offices of the local police and Social Security Administration, filed reports to several government agencies, including an Identity Theft Affidavit, Form 14039, to the IRS, to manage the fallout.

Victims’ Rights
What he really wanted was the bogus return, and there were a couple arguments in his favor.

Tax-fraud victims may be entitled to a copy of the “bad return” and information associated with it, the IRS’s legal department wrote in a 2012 memorandum available on the agency’s website. Loo said he also referenced the victims’ bill of rights, part of the 2012 Fair Credit Reporting Act, which says victims of identity fraud have the right to obtain documents relating to fraudulent transactions made or accounts opened using personal information.

Over several calls, Intuit maintained they couldn’t release the forms, for privacy reasons, he said. The company referred him to the IRS, he said, which told them it was against its policy to grant his request.

The IRS, in its statement, pointed to a section of the tax code that limits the release of taxpayer information to third parties. Fraudulent returns could include the private information of other victims, such as another person falsely claimed as a dependent, or of the criminal, it said. The IRS didn’t respond to a question about why it can’t redact such information.

Section 6103
Thanks to that stretch of the tax-code—section 6103, created by Congress in 1976 after revelations that President Richard Nixon had sought IRS audits of his political opponents—IRS workers can face criminal penalties for unauthorized disclosure of personal information. The penalty, as laid out in the tax and criminal codes, is up to five years in prison and a $250,000 fine.

IRS officials invoked section 6103 more than two dozen times to explain their silence during hearings in 2013, when lawmakers asked whether people at the agency unfairly scrutinized groups that advocated shrinking the government.

The IRS’s in-house ombudsman, the Taxpayer Advocate Service, has called for minimizing the burden and anxiety on identity-theft victims. The IRS “in many ways treats the victim as someone experiencing a minor inconvenience instead of a frightening personal disaster,” it said in a report to Congress last year.

Flickering Hopes
It’s understandable that victims of tax-related identity theft would want to learn what information was stolen to guard against future misuse of personal data, said National Taxpayer Advocate Nina Olson.

“We are currently assessing how much information we believe the IRS can provide” and may make a recommendation later this year, she said in an e-mail.

Meanwhile, Loo continues to try to get his hands on the return filed in his name. His hopes briefly flickered a few weeks ago when he received a letter from TurboTax. It was a bill, for the bogus return filed in his name, for $37.18.

Such charges can be corrected, Intuit spokeswoman Diane Carlini said in an e-mail, who explained that TurboTax attempts to collect on those bills because the government doesn’t tell the company when a return is fraudulent.

—With assistance from Richard Rubin in Washington.

For reprint and licensing requests for this article, click here.
Tax practice Data security Technology Tax fraud
MORE FROM ACCOUNTING TODAY