Identity Protection

Was your identity stolen? Request an Identity Protection PIN from the IRS

The Internal Revenue Service today reminded all taxpayers – particularly those who are identity theft victims – of an important step they should take to protect themselves from tax fraud.

Some identity thieves use taxpayers’ information to file fraudulent tax returns. By requesting Identity Protection PINs from the Get an IP PIN tool on IRS.gov, taxpayers can prevent thieves from claiming tax refunds in their names.

Identity Protection PINs and how to get one

An IP PIN is a six-digit number the IRS assigns to an individual to help prevent the misuse of their Social Security number or Individual Taxpayer Identification Number (ITIN) on federal income tax returns. The IP PIN protects the taxpayer’s account, even if they’re no longer required to file a tax return, by rejecting any e-filed return without the taxpayer’s IP PIN

Taxpayers should request an IP PIN:

• If they want to protect their SSN or ITIN with the IRS,
• If they want to protect their dependent’s SSN or ITIN with the IRS,
• If they think their SSN, ITIN, or personal information was exposed by theft or fraudulent acts or
• If they suspect or confirm they’re a victim of identity theft.

Taxpayers can go to IRS/getanippin to complete a thorough authentication check. Once authentication is complete, an IP PIN will be provided online immediately. A new IP PIN is generated every year for added security. Once an individual is enrolled in the IP PIN program, there’s no way to opt out.

The IRS may automatically assign an IP PIN if the IRS determines the taxpayer’s a victim of tax-related identity theft. The taxpayer will receive a notification confirming the tax-related ID theft incident along with an assigned IP PIN for future tax-return filings.

Taxpayers will either receive a notice with their new IP PIN every year in early January for the next filing season or they must retrieve their IP PIN by going to IRS/getanippin.

Tax-related identity theft and how to handle it

Tax-related identity theft occurs when someone uses a taxpayer’s stolen SSN to file a tax return claiming a fraudulent refund. In the vast majority of tax-related identity theft cases, the IRS identifies a suspicious tax return and pulls the suspicious return for review. The IRS then sends a letter to the taxpayer and won’t process the tax return until the taxpayer responds.

Depending on the situation, the taxpayer will receive one of three letters asking them to verify their identity:

• Letter 5071C, asks them to use an online tool to verify their identity and tell the IRS if they filed the return in question.
• Letter 4883C, asks the taxpayer to call the IRS to verify their identity and tell the IRS if they filed the return.
• Those who have been a victim of a data breach, they may receive Letter 5747C and be asked to verify their identity in person at a Taxpayer Assistance Center.

If the taxpayer receives any of these letters, they don’t need to file an https://www.irs.gov/newsroom/when-to-file-an-identity-theft-affidavit(Form 14039). Instead, they should follow the instructions in the letter.

When to File an Identity Theft Affidavit

If a taxpayer hasn’t heard from the IRS but suspects tax-related identity theft, they should complete and submit a Form 14039, Identity Theft Affidavit. Signs of possible tax-related identity theft include:

• A taxpayer can’t e-file their tax return because a duplicate tax return was filed using their Social Security number. (Check that there’s no error in the SSN, such as transposed numbers.)
• A taxpayer can’t e-file because a dependent’s Social Security number or ITIN was already used by someone on another return without the taxpayer’s knowledge or permission. (Also check that the SSN or ITIN is correct and be sure the dependent hasn’t filed a separate tax return.)
• A taxpayer receives a tax transcript in the mail they did not request.
• A taxpayer receives a notice from a tax preparation software company confirming an online account was created in their name, and they did not create one.
• A taxpayer receives a notice from their tax preparation software company that their existing online account was accessed or disabled when they took no action.
• A taxpayer receives an IRS notice informing them that they owe additional tax, or their refund was offset to a balance due, or that they have had collection actions taken against them for a year they did not earn any income or file a tax return.
• The IRS sends a taxpayer a notice indicating that the taxpayer received wages or other income from an employer for whom they didn’t work.
• The taxpayer was assigned an Employer Identification Number (EIN), but they did not request or apply for an EIN.

The IRS will work to verify the legitimate taxpayer, clear the fraudulent return from the taxpayer’s account and, generally, place a special marker on the account that will generate an IP PIN each year for the taxpayer who is a confirmed victim.

For information about tax-related identity theft, see Identity Protection: Prevention, Detection and Victim Assistance and IRS Identity Theft Victim Assistance: How It Works on IRS.gov. The Federal Trade Commission website also includes information about tax-related identity theft.

Signs of non-tax-related identity theft; no need to file form 14039

Non-tax-related identity theft occurs when someone uses stolen or lost personally identifiable information (PII) to open credit cards, obtain mortgages, buy a car or open other accounts without their victim’s knowledge.

Potential evidence of non-tax-related identity theft can include:

• An individual receives balance due bills from companies with whom they didn’t conduct business, magazine subscriptions they didn’t order, notifications of a mortgage statement, and/or credit cards for which they didn’t apply.
• An individual receives notices of unemployment benefits for which they didn’t apply.
• An individual receives a Notice CP 01E, Employment Identity Theft.
• An individual receives a Form W-2 or 1099 from a corporation or employer from whom they did not receive the income reported and they have not received a notice or letter from the IRS questioning them about that income.
• A taxpayer can’t e-file because a dependent’s SSN or ITIN was already used by someone who is known to the taxpayer but is not the parent or legal guardian, and the taxpayer did not provide permission for that person to claim the dependent. For additional information about this issue, see Publication 1819, Divorce and non-custodial, separated, or never married parents.

Victims of non-tax-related identity theft don’t need to report these incidents to the IRS but should take steps to protect against the type of identity theft they’ve experienced.