Speed Matters When Reporting Client Data Theft
The Internal Revenue Service this week issued the tenth and final installment in its Tax Security 101 email series, highlighting how to report client data theft incidents. Previous issues ranged from basic security tips to common fraudster tactics—all underscoring the importance of data security now that cybercriminals increasingly target tax professionals with identity theft schemes and the FTC requires preparers have a written data plan in place.
The IRS stressed that tax professionals report client data theft incidents as soon as possible, because the agency could stop fraudulently filed returns from being processed. At a time when identity thieves are creating complex scams—like fraudsters actually depositing fraudulently acquired refunds in victims’ real bank accounts before posing as a collections representative trying to recover the funds for “the IRS”—acting quickly could insulate clients from related risks later in the year.
Since most people don’t have prior experience dealing with data theft, the IRS outlined what affected taxpayers need to do to quickly report an incident. The process begins with alerting federal and state revenue and law enforcement authorities before contacting security experts and affected clients.
Aside from potentially blocking fraudulently submitted returns, federal and state revenue services can refer affected tax professionals to the appropriate law enforcement authorities that might need to be contacted depending on the nature of the data breach, like the FBI or state attorney general.
The agency also noted that security experts will help “determine the cause and scope of the breach” and help “stop the breach and … prevent further breaches from occurring,” while the FTC, credit bureaus, and law enforcement officials will coordinate the timing for contacting clients and appropriate next steps for all involved parties.
Additional resources provided in the Tax Security 101 email include links to the FTC’s Safeguards Rule, the IRS’s Publication 4557, and the NIST’s Small Business Information Security: The Fundamentals. The IRS also announced an upcoming data security webinar that will be held on September 26.
Source: IRS Newswire