79 of all unprotected SSNs involved in identity theft events

Nov 20, 2018 21:47 GMT

The IRS' Return Integrity and Compliance Services (RICS) organization failed to enroll 11,406 Social Security Numbers associated with 15 data breaches into the Dynamic Selection List (DSL), according to a U.S. Treasury Inspector General for Tax Administration (TIGTA) audit.

The DSL is used by a program designed to protect data breach victims' information from tax-related identity theft incidents and, because the roughly 11K SSNs weren't enrolled, 79 taxpayers were exposed to such events.

Moreover, RICS was able to successfully record around 730 data breaches on the organization's Incident Management Tracker Matrix, but its registration and monitoring procedures failed in the case of 89 data breaches reported to the IRS and experienced by multiple external entities.

"For 70 of these incidents, the RICS analysts did not request the external entity to provide the IRS with a list of stolen client Taxpayer Identification Numbers (TIN)," said TIGTA's report.

"The analysts should have also recorded these incidents on the tracker. In another four data breaches, the external entity declined to provide a TIN list."

An extra 28K taxpayer identification numbers involved in breaches might not have been protected

Following the report, the IRS completed its own analysis of the TIN registration and monitoring procedures assigned to the RICS organization and found 15,143 unique TINs which were not processed appropriately.

The identification numbers were eventually processed correctly and included in the appropriate DSL identity theft protection database.

Furthermore, although RICS managed to include most of the TINs involved in 97 data breaches, TIGTA's audit unearthed the fact that there was a discrepancy between the number of identification numbers reported and the number added to the DSL database, with 147,123 reported and only 119,012 included.

This translates to 28,111 TINs which RICS might have failed to record and monitor, effectively exposing the taxpayers to identity theft attacks they should have been protected from.