The Internal Revenue Service failed to deactivate its Identity Protection Personal Identification Number program after a data breach in May 2015 for nearly a year, despite repeated recommendations from the Treasury Inspector General for Tax Administration, according to a new report.

The report, from TIGTA, said the IRS instead allowed the IP PIN application to stay up and running, although the IRS did try to lower the risk of fraudulent tax returns being filed with IP PINs during the 2016 filing season. The IRS planned to manually review any tax returns filed with an IP PIN that was viewed online via the application. However, TIGTA found that over one-third of the IP PINs were not reviewed. TIGTA found that 12,020 of the 32,623 tax returns filed between January 19 and May 24, 2016 with an IP PIN that was viewed online were not manually reviewed.

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access