A data breach at the Oklahoma Tax Commission has left many residents worried about the security of their personal information after hackers accessed sensitive data through the state’s OKTAP tax portal.>> Download the KOCO 5 app | Subscribe to KOCO 5’s YouTube channel | Sign up for KOCO 5’s Morning NewsletterThe agency sent letters last week to notify individuals whose names and Social Security numbers were in the impacted files. The breach was discovered in December, and the commission is providing complimentary credit monitoring and fraud assistance.Tanner Shinn, principal security engineer at Alius Cybersecurity, expressed concern about the breach. “If you just think about how many people are filing taxes this way, how many people are using the OKTAP portal, I’m fairly certain I’ve used it. It’s a little bit concerning because your Social Security number and your W-2s are in there,” Shinn said.Shinn explained the complexity of monitoring large systems. “Whenever you got a lot of systems with back-and-forth traffic going on, you have a bunch of users that are in doing stuff day in and day out. Just like with any building, when you work in a big building with a whole bunch of people, you don’t know everything that’s going on or notice every single thing that’s happening,” Shinn said.Shin also spoke about the commonality of such breaches in today’s digital age. “I’m sure it’s quite possible for someone to get in there, especially if they don’t have the tools or the security staff to actually have a good monitoring platform with robust testing to make sure these sorts of things don’t happen, and everybody knows that requires money,” Shinn said.Shinn advised monitoring accounts but mentioned that freezing them might not be necessary.”The damage that might happen may have already happened, so there could be a lot of people who are getting answers rather than having things happen to them,” Shinn said.Shinn recommended taking advantage of any services offered to protect information, but cautioned that these services are not perfect and do not last forever. Get the latest news stories of interest by clicking here.”Those services in themselves are not perfect and also don’t last forever,” Shinn said.The Oklahoma Attorney General’s Office is aware of the situation, but the Office of Management and Enterprise Services is handling the investigation. There has been no response yet from OMES regarding the breach.Below is the full statement from the Oklahoma Tax Commission.”The Oklahoma Tax Commission (“OTC”) takes the protection of taxpayer information very seriously and information privacy and security are among the OTC’s highest priorities. Working with the IRS, in December 2025, the OTC learned of suspicious activity within its Oklahoma Taxpayer Access Point (“OkTAP”) system. In response, the OTC promptly launched an investigation with the assistance of third-party cybersecurity and digital forensic specialists.Through the investigation, the OTC learned that the event involved taxpayer information. We cannot speak to the total number of individuals involved; however, impacted individuals have been notified directly by mail with details regarding the event and information about complimentary credit monitoring and fraud assistance services the OTC made available to them.Additionally, the OTC has implemented several additional security measures to prevent this event from occurring in the future. The OTC sincerely regrets any concern this incident may cause and remains committed to strong safeguards and protecting the information entrusted to the agency.”Top HeadlinesTIMELINE: Enhanced storm risk as tornadoes and large hail possible Wednesday in OklahomaFBI Director Kash Patel travels to Oklahoma to discuss prosecuting crimes in Indian CountryAstonishing video shows windsurfer crash into gray whale in San Francisco BayBody cam video shows moment stolen Bud Light semi crashes into a deputy’s cruiserA visual guide to the Artemis II launch taking humans around the moon
A data breach at the Oklahoma Tax Commission has left many residents worried about the security of their personal information after hackers accessed sensitive data through the state’s OKTAP tax portal.
>> Download the KOCO 5 app | Subscribe to KOCO 5’s YouTube channel | Sign up for KOCO 5’s Morning Newsletter
The agency sent letters last week to notify individuals whose names and Social Security numbers were in the impacted files. The breach was discovered in December, and the commission is providing complimentary credit monitoring and fraud assistance.
Tanner Shinn, principal security engineer at Alius Cybersecurity, expressed concern about the breach.
“If you just think about how many people are filing taxes this way, how many people are using the OKTAP portal, I’m fairly certain I’ve used it. It’s a little bit concerning because your Social Security number and your W-2s are in there,” Shinn said.
Shinn explained the complexity of monitoring large systems.
“Whenever you got a lot of systems with back-and-forth traffic going on, you have a bunch of users that are in doing stuff day in and day out. Just like with any building, when you work in a big building with a whole bunch of people, you don’t know everything that’s going on or notice every single thing that’s happening,” Shinn said.
Shin also spoke about the commonality of such breaches in today’s digital age.
“I’m sure it’s quite possible for someone to get in there, especially if they don’t have the tools or the security staff to actually have a good monitoring platform with robust testing to make sure these sorts of things don’t happen, and everybody knows that requires money,” Shinn said.
Shinn advised monitoring accounts but mentioned that freezing them might not be necessary.
“The damage that might happen may have already happened, so there could be a lot of people who are getting answers rather than having things happen to them,” Shinn said.
Shinn recommended taking advantage of any services offered to protect information, but cautioned that these services are not perfect and do not last forever.
Get the latest news stories of interest by clicking here.
“Those services in themselves are not perfect and also don’t last forever,” Shinn said.
The Oklahoma Attorney General’s Office is aware of the situation, but the Office of Management and Enterprise Services is handling the investigation.
There has been no response yet from OMES regarding the breach.
Below is the full statement from the Oklahoma Tax Commission.
“The Oklahoma Tax Commission (“OTC”) takes the protection of taxpayer information very seriously and information privacy and security are among the OTC’s highest priorities. Working with the IRS, in December 2025, the OTC learned of suspicious activity within its Oklahoma Taxpayer Access Point (“OkTAP”) system. In response, the OTC promptly launched an investigation with the assistance of third-party cybersecurity and digital forensic specialists.
Through the investigation, the OTC learned that the event involved taxpayer information. We cannot speak to the total number of individuals involved; however, impacted individuals have been notified directly by mail with details regarding the event and information about complimentary credit monitoring and fraud assistance services the OTC made available to them.
Additionally, the OTC has implemented several additional security measures to prevent this event from occurring in the future. The OTC sincerely regrets any concern this incident may cause and remains committed to strong safeguards and protecting the information entrusted to the agency.”
Top Headlines