Oklahoma Tax Commission Reports Data Breach of OkTAP System Exposing Taxpayer Records
Learn More
The Oklahoma Tax Commission (OTC) confirmed a data breach involving its Oklahoma Taxpayer Access Point (OkTAP) system, which exposed sensitive taxpayer files. T
he agency first learned of suspicious activity in December 2025 through a collaborative effort with the Internal Revenue Service (IRS). . The incident is described as unauthorized access by unidentified actors who targeted the state's primary portal for tax filing and account management.
Investigations conducted by third-party cybersecurity specialists revealed that attackers maintained access to the OkTAP environment for approximately three months between September 18, 2025, and December 20, 2025.
The compromised data includes:
- Social Security numbers
- W-2 tax forms
- 1099 tax forms
- Full names
- Home addresses
- Personal identifiers and tax account metadata
The nature of the attack and the number of affected individuals is not disclosed.
OTC did not begin mailing notification letters to affected individuals until March 27, 2026. Impacted individuals are being offered 12 months of complimentary credit monitoring and fraud assistance services. The OTC stated it has since implemented additional security measures to harden the OkTAP system and prevent similar unauthorized access in the future.
