Imagine this. A hacker breaks into the computer system of the company where you work and downloads employee data, including your social security number and date of birth. The company announces that they’ll pay for identity protection services for the employees, but then some wise guy says hey, isn’t that a taxable fringe benefit? Doesn’t the company have to include the value on the employee’s Form W-2, forcing the employee to pay tax on this amount?
Fortunately, the wise guys at the IRS say no. The employer doesn’t have to report this item on Form W-2 (or, for non-employees, on Form 1099-MISC), and the employee doesn’t have to report it on his or her tax return. And the same is true if you received identity protection services from a company where you shopped, if it’s provided because of a data breach. This rule doesn’t apply if you receive these services for reasons other than a data breach, or if you receive cash in lieu of such services.
details: IRS Announcement 2015-22 (PDF)