Taxability of Identity Theft Protection Services

Your Guide to State, Local, Federal, Estate + International Taxation

Recent years have brought a slew of high-profile data breaches of major organizations. Some of the largest breaches include Target, Anthem Health Care, Home Depot and most recently, Ashley Madison. Even the U.S. Government has not been immune, as the Office of Personnel Management suffered a major breach in June of 2015.

These data breaches have potentially compromised the personal information of individuals ranging into the hundreds of millions. Stolen data can include names, social security numbers, credit card information and personal information such as medical records. In the wake of these breaches, which are extremely damaging on a public relations level, many companies have attempted to mitigate the situation by offering free identity theft protection services to customers whose data may have been compromised.

The cost of these services can range upwards of $50 per month. Since the recipients of these services are not paying for their value, the question of taxability was quickly raised. The IRS addressed the matter under Announcement 2015-22, stating that they “will not assert that an individual whose personal information may have been compromised in a data breach must include in gross income the value of the identity protection services provided by the organization that experienced the data breach.” To boil that down, essentially the services received are not taxable.

However, taxpayers should note that if an organization chooses to compensate potential identify theft victims with a cash payment rather than identity protection services, that the cash payment is considered taxable income.

For all the details, check out the full Announcement 2015-22.

By Austin Bradley, CPA