The Privacy Feature Nobody Knew About

Most taxpayers have no idea that their IRS Online Account maintains a complete record of every access event — including logins, system activity, device IDs, and internal IRS access. This is one of the most powerful tools you have to protect your tax data.

With the rise in identity theft, refund fraud, and cyber-intrusion, this feature gives you visibility into who touched your account — and when.

Your IRS Data Is Not Invisible — You Can Now See Access History

Your IRS Online Account contains extremely sensitive financial data — income sources, bank routing numbers, refund amounts, tax balances, and personal identity information.
Until recently, taxpayers had no way of knowing who accessed their IRS data — or when. Now, with the IRS Online Account Security Log, you have a transparent record of every login, attempt, and access point tied to your account.

This is one of the most important taxpayer-protection upgrades in decades.

What the Security Log Actually Shows

When you open the Security Log in your online IRS account, you’ll see detailed entries including:

• Successful logins
• Failed login attempts
• Device type used
• Browser type
• Access method (web, IRS2Go mobile app, linked login source)
• Location approximation of login
• Multi-factor authentication status
• Password changes
• Email address updates
• Security settings updates
• Recovery phone number changes
• Identity verification updates

This allows you to spot unauthorized access before damage happens.

How to Access Your IRS Security Log

Step-by-step:

1. Visit IRS.gov
2. Sign in to your IRS Online Account
3. Click Security
4. Select Security Log / Login History
5. Review all access events chronologically

Every entry will have:

• Date
• Time
• Access type
• Device
• Authentication status
• IP-associated location

If something looks wrong — it probably is.

Why This Matters More Than You Think

Most people assume IRS account breaches are rare. They aren’t.

Criminals target IRS accounts because they want:

• Your refund
• Your Social Security number
• Access to bank data
• Ability to file fraudulent returns
• Dependent information
• Prior-year tax return data
• Employment and wage history

And without this log, you would never know someone was snooping.

What a Red Flag Looks Like

Here are warning signs inside the Security Log:

• Login from another state
• Multiple failed login attempts
• Access from unfamiliar devices
• Access at unusual hours (e.g., 3:00 AM)
• Repeated MFA failures
• Password reset attempts you did not perform
• Changes made to bank deposit info
• Email or phone number changed

If you see any of these — you must take immediate action.

What To Do If You See Suspicious Activity

Take these steps:

1. Change your IRS account password immediately
2. Enable two-factor authentication (required, but verify phone number)
3. Review your bank account info
4. Review your authorized representatives
5. Check if a new refund deposit account has been added
6. Request an IP PIN
7. Notify the IRS Identity Protection unit if needed

The IP PIN is the strongest protection — no one can file a return in your name without it.

How Thieves Use Compromised Accounts

Criminals may:

• File a fake return claiming dependents
• Redirect a refund to a prepaid debit card
• Alter bank routing info
• Download prior-year returns
• Use your SSN to open credit lines
• Claim fraudulent Earned Income Credits
• Sell your tax profile on the dark web

Your tax identity is extremely valuable — especially if you have consistent employment income history.

Bonus: Check If a Tax Preparer Has Access

Your IRS account may show:

• Linked external login credentials
• Authorized tax professionals
• System access by approved third-party

If you previously hired a tax preparer — and their access remains active — you may want to revoke it.

Your IRS Online Account Security Log is a powerful protection tool. It gives you the ability to:

• Monitor all accesses
• Detect unauthorized activity
• Prevent refund theft
• Track login anomalies
• See if your data was used without your knowledge
• Catch identity theft early
• Verify legitimate access vs suspicious access

Every taxpayer should check their Security Log at least once during tax season.