State Tax Commission Fails To Notice Data Breach for 18 Months – Taxpayers’ Names and Social Security Numbers at Risk

A US state tax agency has placed taxpayers’ personal info at risk by missing an extended data breach that lasted 18 months.

The Oklahoma Tax Commission (OTC) says the breach happened between July 2024 and December 2025, per a new filing with the Office of the Maine Attorney General.

The agency failed to notice the suspicious activity until December, noting there was unauthorized access to certain W-2 and 1099 files in their online taxpayer portal.

The filing indicates names and social security numbers were stolen in the breach, though the OTC didn’t disclose the total number of impacted individuals.

The agency says it has an “ongoing commitment to the privacy of information in its care” and will review its existing security standards.

“Information privacy and security are among the OTC’s highest priorities. The OTC’s response included completing an investigation, cooperating with the Internal Revenue Service (“IRS”) to further its investigation so it can monitor fraudulent tax filing activity, and undertaking a comprehensive review of the accessed files to determine the individuals involved in the incident.”

The OTC also says it will provide access to credit monitoring and identity theft protection services for one year through Cyberscout, a TransUnion company.

Generated Image: Midjourney

The post State Tax Commission Fails To Notice Data Breach for 18 Months – Taxpayers’ Names and Social Security Numbers at Risk appeared first on The Daily Hodl.