Tax-deductible standard mileage rates drop again in 2021
Make the most of mail tax deductions in December & beyond

Foreign hackers didn't get into IRS database, but Treasury faces serious breach


There's some bad and not-so-bad news when it comes to the recently discovered hacking of the Treasury Department.

Since we're still in god-awful 2020, let's start with the bad news. The hackers, believed by most security experts and many government officials to be Russian, were able to burrow deeply into the U.S. Treasury's computer operations, breaking into systems that are used by the department's highest-ranking officials.

The better news is that the Internal Revenue Service, the largest division within Treasury, appears to be unaffected by the cyber attack.

That's a relief to those of us who upon hearing that Treasury was a target immediately raised concerns about IRS' exposure.

Wide-ranging cyber attack: Sen. Ron Wyden (D-Oregon) delivered that mixed news following a briefing from IRS and Treasury, which was one of several government operations targeted by the hackers.

In addition to Treasury, the Departments of Commerce, State and Homeland Security, as well as the National Institutes of Health and parts of the Pentagon were compromised. The extent of the damage is still under investigation.

The cyber break-in apparently had been going on for months before it was discovered. Most security experts and many government officials believe Russia is behind the online incursion.

Wyden, the ranking Democrat on the Senate Finance Committee, and that panel's chairman, Sen. Charles Grassley (R-Iowa), last week wrote IRS Commissioner Chuck Rettig, asking for an immediate update on any potential security issues within that agency due to the hack.

Treasury, IRS sort-of details: After getting that requested update, Wyden issued a statement with some of the agencies' preliminary findings.

The key finding, per Wyden, is that the IRS has found no evidence that its systems were compromised. That means no taxpayer data was affected.

Treasury, however, is a different matter. The hacking there "appears to be significant."

"According to Treasury staff, the agency suffered a serious breach, beginning in July, the full depth of which isn't known," said Wyden.

However, what the department does know so far is pretty distressing.

Wyden reported that the hackers broke into systems in the Departmental Offices division of Treasury, which is home to the department's highest-ranking officials and their email communications.

Treasury Secretary Steven Mnuchin's email account apparently was not breached. Mnuchin, in an interview with the financial news cable network CNBC on Monday, Dec. 21, said that "at this point, we do not see any break-in into our classified systems." However, he did acknowledge that hackers managed to access some of Treasury's unclassified systems.

And not to be a cyber doomsayer, but things could change for the worse as the government-wide investigations continues. As Wyden noted in his statement, Treasury "still does not know all of the actions taken by hackers, or precisely what information was stolen."

Taxpayer action if identity is stolen: While we taxpayers can breathe a bit easier, for now, about the safety of our IRS tax data, we can't let up our guards. Criminals are still trying every day to steal our tax and personal information.

The IRS and its Security Summit partners in state tax offices, the tax software industry and tax professionals have made good progress in stemming tax identity theft and related refund fraud. But despite those efforts, it still happens.

Unfortunately, most taxpayers discover their tax identity has been stolen when they go to file their annual tax returns. The IRS alerts them that it has already received their filing.

If you find yourself a victim of tax identity theft, you'll need to fill out Form 14039. Identity Theft Affidavit. That document, which is this week's belated Tax Form Tuesday (thanks mileage rate announcement!), is used, as it notes right at top, to let the IRS know that it needs to "mark an account to identify questionable activity."

Form 14039 IRS identity theft affidavit
Excerpt of IRS Form 14039, Identity Theft Affidavit

You can't e-file Form 14039 (yet), but you can use its fillable form version that's available at Then print out the completed form, attach it to your real (also printed out) tax return and mail them per the form's instructions, which are on the form's second page (and shown below).

Form 14039 submission instructions

Other ID theft alerts: You also might learn your tax info has been compromised if you get a notice from the IRS about a filing for which you have no involvement.

In that case, call the number on the snail mailed notice immediately. Then follow IRS instructions, which likely will include file Form 14039.

The IRS also has a special web page, Identity Theft Victim Assistance: How It Works, which has more information about how the IRS can help in this distressing situation.

And if you previously contacted the IRS and your identity theft matter was not resolved, you can contact the agency for specialized assistance toll-free at (800) 908-4490.

Beyond tax identity theft: While tax identity theft is a major concern year-round (and obviously a big topic for the ol' blog), the holiday season brings additional worries.

Cyber crooks are out in force this time of year, using your shopping techniques to get access to your personal information.

Online shopping, which already was popular, was supercharged this year, with the coronavirus prompting more buyers to turn to their computer keyboards instead of shopping centers.

That's made a mess of deliveries this Christmas week. It's also been a fertile phishing (phone scams) and smishing (texting scams) grounds for identity thieves, as I noted in a recent Tweet.

Don't let your holidays be ruined by these crooks. Be aware and wary, this holiday season and into the 2021 tax season.

You also might find these items of interest:





Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.