As a breachee, IRS shows some compassion to those suffering from breaches of data bases other than IRS’ own.

So we now have guidance that IRS won’t assert tax liability for credit monitoring and anti-fraud services furnished to those caught with their breaches down.

Read all about it in Notice 2015-22.

“Questions have been raised concerning the taxability of identity protection services provided at no cost to customers, employees, or other individuals whose personal information may have been compromised in a data breach. Existing guidance does not specifically address these questions.

“The IRS will not assert that an individual whose personal information may have been compromised in a data breach must include in gross income the value of the identity protection services provided by the organization that experienced the data breach. Additionally, the IRS will not assert that an employer providing identity protection services to employees whose personal information may have been compromised in a data breach of the employer’s (or employer’s agent or service provider’s) recordkeeping system must include the value of the identity protection services in the employees’ gross income and wages. The IRS will also not assert that these amounts must be reported on an information return (such as Form W-2 or Form 1099-MISC) filed with respect to such individuals.” Notice, at p. 2.

But before the breached get too elated, let them note well the following.

“This announcement does not apply to cash received in lieu of identity protection services, or to identity protection services received for reasons other than as a result of a data breach, such as identity protection services received in connection with an employee’s compensation benefit package. This announcement also does not apply to proceeds received under an identity theft insurance policy; the treatment of insurance recoveries is governed by existing law.” Notice, at p. 2.

And organizations providing identity protection otherwise than after a breach have until October 13 to dish on the subject at notice.comments@irscounsel.treas.gov.