After the Equifax data breach, year-end tax planning may be even more important. Social Security numbers were among the data exposed in the Equifax hack, which affects up to 143 million people. Immediate to-dos have focused on fraud alerts, credit freezes and monitoring to curtail thieves’ ability to open new accounts in victims’ names. But experts say consumers should also start thinking ahead to tax season — when criminals could potentially use those stolen Social Security numbers to file fraudulent tax returns and snare refunds. It’s still unclear what impact the Equifax breach could have on the 2018 filing season.
So, what can you do? First, some unwelcomed news. IRS protections currently in place — filing an identity-theft affidavit or obtaining a filing PIN (more on that, below) — are specifically for victims of tax-related identity theft. Having your Social Security number exposed in a data breach isn’t enough. As the IRS notes in its taxpayer resource, “not every data breach results in identity theft, and not every identity theft is tax-related identity theft.” But there are still some steps you can take to mitigate the risks ahead of tax time:
Prepare to file early
‘File early’ doesn’t mean rush to file and risk underreporting income or having to file an amended return later. Now, we’re aware that not everyone can file early, if you’re waiting on 1099s for dividends and interest they may not show up until mid-February and taxpayers with partnership income with K-1’s may still be waiting until later in the season. However, you do have the ability to prep and to be organized.
- Review your most recent tax return. That can provide a good framework for this year, in terms of deductible expenses to tally and official documents (W-2s, 1099s, etc.) to expect, Gagnon said. Note any changes, say, if you switched jobs, or opened a new investment account.
- Make a list of key documents you’ll need, so you can check them off as they arrive and see at a glance what you are still waiting on. (See common deadlines, below.) Be proactive about calling or emailing to track down a late document, he said.
- If you have moved this year, reach out to any of the employers, financial institutions and other entities sending you key forms, to make sure they have your current mailing address and contact information, he said.
- Start gathering receipts and records for potentially deductible expenses, like charitable donations or business expenses.
- Monitor online accounts. Some entities only make tax documents available online, rather than mailing a copy; others offer online access well before they send paper copies in the mail.
Monitor your tax record
The IRS offers online access that lets taxpayers see details of their tax account. It can be an effective way to monitor your account, if you’re concerned. You would be able to see if someone files a return in your name and act quickly. Signing up for this account can be difficult as the IRS requires an immense amount of personal information to gain the online access.
Consider a PIN
The IRS does offer so-called identity protecting PINs, or IP PINs, to prevent someone from filing a fraudulent return with your Social Security number. Participants get a new six-digit number each year, without which your e-filed return will be rejected and a paper return, significantly delayed.
Currently, IRS guidelines only allow you to get an IP PIN if you filed last year’s return with a home address in Florida, Georgia or Washington, D.C., where the government is running a pilot program. PIN protection isn’t foolproof, the IRS PIN system has been subject to cyberattacks as well. Earlier this year, the Treasury inspector general for tax administration released a report noting inconsistencies in IRS processes that left some victims without PINs.
Watch for fraud flags
Fraudulent tax returns aren’t the only tax-time identity theft issue to keep an eye on. The IRS warns that receiving certain tax documents or IRS notices — like a CP2000 to verify unreported income or a 1099 from an employer you haven’t worked for — can be a red flag for employment-related identity theft.