Drake Software blog for tax pros, covering tax, IRS news, and more

Speed Matters When Reporting Client Data Theft

The Internal Revenue Service this week issued the tenth and final installment in its Tax Security 101 email series, highlighting how to report client data theft incidents. Previous issues ranged from basic security tips to common fraudster tactics—all underscoring the importance of data security now that cybercriminals increasingly target tax professionals with identity theft schemes and the FTC requires preparers have a written data plan in place.

The IRS stressed that tax professionals report client data theft incidents as soon as possible, because the agency could stop fraudulently filed returns from being processed. At a time when identity thieves are creating complex scams—like fraudsters actually depositing fraudulently acquired refunds in victims’ real bank accounts before posing as a collections representative trying to recover the funds for “the IRS”—acting quickly could insulate clients from related risks later in the year.

Since most people don’t have prior experience dealing with data theft, the IRS outlined what affected taxpayers need to do to quickly report an incident. The process begins with alerting federal and state revenue and law enforcement authorities before contacting security experts and affected clients.

Aside from potentially blocking fraudulently submitted returns, federal and state revenue services can refer affected tax professionals to the appropriate law enforcement authorities that might need to be contacted depending on the nature of the data breach, like the FBI or state attorney general.

The agency also noted that security experts will help “determine the cause and scope of the breach” and help “stop the breach and … prevent further breaches from occurring,” while the FTC, credit bureaus, and law enforcement officials will coordinate the timing for contacting clients and appropriate next steps for all involved parties.

Additional resources provided in the Tax Security 101 email include links to the FTC’s Safeguards Rule, the IRS’s Publication 4557, and the NIST’s Small Business Information Security: The Fundamentals. The IRS also announced an upcoming data security webinar that will be held on September 26.

Source: IRS Newswire

Ryan Norton

Whether designing superheroes, penciling caricatures, or just doodling, I always knew I was going to earn some sort of art degree while in college. That was my goal before I decided to trade Edgar Degas for Edgar Allan Poe during a Freshman English class. The BA in English soon morphed into a double-major in English and Philosophy, eventually becoming an MA in English. It only makes sense that I learned of a writing opportunity for a local marketing firm while teaching a first-year college English course. Before I knew it, I was writing and editing tax-related articles for Taxing Subjects, and this has been my home since 2014.

comments powered by Disqus