Oklahoma Tax Commission Data Breach

The Oklahoma Tax Commission (OTC) recently reported a data breach involving unauthorized access to personal information through the Oklahoma Taxpayer Access Point (OkTAP) system. The breach, which affected 14 Maine residents, involved sensitive data such as Social Security numbers and names. The breach occurred over a span of several months between July 5, 2024, and December 20, 2025, and was discovered in March 2026.

Oklahoma Tax Commission’s Data Breach Investigation

In December 2025, the OTC discovered suspicious activity within the OkTAP system. Upon learning of the issue, the OTC promptly initiated an investigation with the assistance of third-party cybersecurity experts and digital forensics specialists. The investigation revealed that unauthorized access had occurred to certain W-2 and 1099 files containing sensitive personal data, including names and Social Security numbers, between July 5, 2024, and December 20, 2025.

In response, the OTC took several steps to address the situation. The agency cooperated with the IRS to monitor for fraudulent tax filing activity, and a comprehensive review of the affected files was conducted to identify the impacted individuals. The OTC also reviewed its security standards and implemented additional safeguards to prevent future incidents.

On March 27, 2026, the OTC notified the affected Maine residents, informing them of the breach and the steps being taken to protect their personal information.

When Did This Breach Occur?

The breach occurred between July 5, 2024, and December 20, 2025, when unauthorized access was gained to the OkTAP system. The breach was discovered by the OTC on March 10, 2026.

What Information Was Breached?

The data breach involved the following types of personal information:

• Full names
• Social Security numbers

This sensitive information was accessed during the breach, although there is no evidence at this time that the data has been misused by third parties.

What You Can Do

If you were impacted by the OTC data breach, there are several steps you can take to protect yourself from identity theft and fraud:

• Monitor Your Credit Reports: Stay vigilant by regularly checking your credit reports for any signs of suspicious or fraudulent activity. You can obtain a free copy of your credit report from the three major bureaus once a year at www.annualcreditreport.com.
• Enroll in Credit Monitoring Services: Take advantage of the complimentary credit monitoring and identity theft protection services being offered by the OTC through Cyberscout, a TransUnion company.
• Place Fraud Alerts or Credit Freezes: Consider placing a fraud alert or security freeze on your credit files. This will alert creditors to verify your identity before making any changes to your accounts or opening new ones.
• File Your Tax Returns Early: If you haven’t already filed your tax returns, do so as soon as possible to reduce the risk of tax fraud.
• Report Suspicious Activity: If you notice any unusual or unauthorized activity, report it to the relevant authorities, such as the Federal Trade Commission, your state Attorney General, and law enforcement.

The OTC has provided impacted individuals with detailed guidance on how to protect themselves against further fraud and identity theft.

File a Data Breach Lawsuit Against Oklahoma Tax Commission

If you were affected by the OTC data breach, you may be eligible to pursue legal action, including filing a lawsuit to seek compensation for any damages caused by the breach, such as identity theft or financial loss.

Contact Class Action U today for a free consultation. Our experienced legal partners specialize in data breach lawsuits and can guide you through the process. There is no cost or obligation to speak with an attorney.

Don’t let this breach go unaddressed. Take action today to protect your rights and ensure your personal information is secure.