Starting September 23, the Internal Revenue Service will be moving to a new format of its tax transcripts in an effort to better protect taxpayers’ personal data from theft by cybercriminals.
The new format for individual tax transcripts will redact personally identifiable information from the Form 1040 series. It replaces the previous format and will be the default format available via Get Transcript Online, Get Transcript by Mail or the Transcript Delivery System for tax professionals.
Financial entries will remain visible, which will give taxpayers and third-parties the data they need for tax preparation or income verification.
The following information will be provided on the new transcript:
- Last 4 digits of any SSN listed on the transcript: XXX-XX-1234
- Last 4 digits of any EIN listed on the transcript: XX-XXX-1234
- Last 4 digits of any account or telephone number
- First 4 characters of the last name for any individual
- First 4 characters of a business name
- First 6 characters of the street address, including spaces
- All money amounts, including balance due, interest and penalties
A sample of the new transcript format is included below.
“Since the IRS joined in partnership with the states and tax industry in 2015, we’ve made great progress in our effort to combat stolen identity refund fraud. Our numbers are going in the right direction,” said Acting IRS Commissioner David Kautter.
“To maintain our progress, we continue to evaluate our policies and procedures on an ongoing basis. One area that we identified as in need of change was the individual tax transcript area. We believe the change we are announcing today will better protect taxpayer data from unauthorized disclosure and theft.”
The IRS also has created a new Customer File Number that lenders, colleges and other third parties that order transcripts for non-tax purposes can use as an identifying number instead of the taxpayer’s SSN.
GAO Identifies Deficiencies in Protecting Taxpayer Data
The announcement from the IRS came shortly after the Government Accountability Office released a report in which it said that the IRS has more work to do in protecting taxpayer data.
“…continuing and newly identified control deficiencies limited the effectiveness of security controls for protecting the confidentiality, integrity, and availability of IRS’s financial and tax processing systems,” wrote the GAO.
The report added, “Until IRS takes additional steps to address unresolved and newly identified control deficiencies and effectively implements components of its information security program, IRS financial reporting and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification, or disclosure.”