The IRS noted Announcement 2015-22 today, that states:
[T]he IRS will not assert that an individual whose personal information may have been compromised in a data breach must include in gross income the value of the identity protection services provided by the organization that experienced the data breach. Additionally, the IRS will not assert that an employer providing identity protection services to employees whose personal information may have been compromised in a data breach of the employer’s (or employer’s agent or service provider’s) recordkeeping system must include the value of the identity protection services in the employees’ gross income and wages.
Generally, any accession to wealth is includable in income, and there’s a value for the data protection services. Of course, one of the largest data breaches this year was at the hands of…the IRS. While this is a clearly common sense approach, still one must wonder if the IRS would have released this announcement if one of the biggest entities to cause a data breach wasn’t the IRS.
Pingback: Tax Roundup, 8/14/15: IRS won’t tax victims of its data breach on IRS-provided credit monitoring. And: little birds as informants? « Roth & Company, P.C
Pingback: IRS Data Breach Impacted 334,000, Not 100,000 as IRS First Said « Taxable Talk
Pingback: Tax Roundup, 8/18/15: Oh, THOSE 200,000 hacks — the Get Transcript debacle worsens. Also: Crips, blog tax, and more! « Roth & Company, P.C