What Tax Professionals Should Do If They Suffer a Data Breach

 Posted on February 22, 2017 in Taxation Law

Cybercriminals target tax professionals in order to gain access to sensitive client data. With this data, criminals can file tax returns fraudulently and be issued a tax refund. Tax professionals have a duty to keep client data secure. When client data is compromised, tax professionals must take certain steps to protect themselves and their clients. Following certain steps can also help prevent tax refunds from being issued to cybercriminals. 

1. Inform the Internal Revenue Service and law enforcement agencies.

• Notify the IRS. Your local IRS Stakeholder Liaison will take a report of client data compromise. The liaison will then inform the IRS Criminal Investigation unit on your behalf. It may be possible for the IRS can block the fraudulent returns based on the stolen data. For this to happen, reporting the breach to the IRS must occur quickly.
  
  
• Contact your local Federal Bureau of Investigation (FBI) office.
  
  
• If directed, notify your local Secret Service office.
  
  
• File a police report with your local police station. 

2. Notify states in which you prepare state returns.

• Contact the state’s tax agencies in each state where you prepare returns.
  
  
• Notify the state attorney general’s office in each state where you prepare returns. The process varies by state, but many states require that the state attorney general receive notice of data breaches.

3. Reach out to experts. 

• A security expert will be able to identify the source of the breach and its magnitude. A security expert will also be able to identify measures that can be taken to strengthen your office’s network.
  
  
• Contact your insurer. It may be possible that your insurance policy covers data breaches. 

4. Notify clients and service providers.

• Clients should be notified as soon as possible; however, the timing of the notifications should be coordinated with law enforcement. Remember that data from previous years may also be compromised and that you may have to contact old clients. The Federal Trade Commission (FTC) has provided templates for firms that experience data breaches.
  
  
• The provider of your tax software, if alerted, may be able to prevent fraudulent use of your account for filing purposes.
  
  
• The providers of your business’ website and client portal can determine if passwords were stolen and can initiate a reset.
  
  
• Certain states require that victims of identification theft be offered credit monitoring and other services. You should contact a credit/ID theft protection agency.
  
  
• Credit bureaus should also be notified because your clients may require their services.

Contact a San Jose Tax Attorney

These preliminary steps can help you protect yourself and your clients. If you have been involved in a data breach, you may also wish to contact a tax attorney. Call experienced San Francisco Bay Area tax law attorney John D. Teter at 408-866-1810 to set up an initial consultation today.

Source: 

https://www.irs.gov/uac/what-to-do-if-you-suffer-a-data-breach-or-other-security-incident