Jump to Page
Greenbaum, Rowe, Smith & Davis LLP Client Alert

In today’s cyber-risk filled environment, what are the income tax and payroll tax implications for receiving these benefits?

In Announcement 2015-22, the IRS has stated that it will not include the value of identity protection services provided by an organization that experienced a data breach in the gross income of an individual whose personal information may have been compromised in that breach.  

In addition, the IRS will not require employers providing identity protection services to employees whose personal information may have been compromised in a recordkeeping system data breach to include the value of the identity protection services in the employees’ gross income and wages. The reporting of these amounts on an information return (such as a Form W-2 or Form 1099) related to the impacted individual will also not be required.

It should be noted that Announcement 2015-22 does not apply to (1) cash received in lieu of identity protection services, (2) identity protection services received for reasons other than as a result of a data breach (such as identity protection services received by an employee in connection with his or her compensation benefit package), or (3) proceeds received under an identity theft insurance policy.

Please contact Jo Ann Gambale, the author of this Alert and an Associate in the firm’s Tax, Trusts & Estates Department, with any questions related to the taxation of credit monitoring services or related issues.