During your day to day work, you may notice something that leads you to believe you may have been hacked, experienced a breach, data theft or unauthorized persons using your program to file returns.
Clues that might indicate suspicion of Data Theft e-file fraud:
- Why did the software e-file returns I never submitted?
- Was there a software update that caused the program to e-file returns automatically?
- I am getting e-file statuses back for returns I never sent.
- I am getting acknowledgements back for returns that don?t have a submission ID.
- Why am I getting incomplete e-file statuses back? (i.e. they do not show any or all of the following statuses in F4: Passed Validation, Ready To Send, or Sent to Lacerte)
- How can I tell who sent returns from my office?
If the above clues are present, your computer may have been accessed by someone not authorized to do so. This may have resulted in unauthorized access to your clients? data and to your ProConnect desktop software.
Read the recent IRS Newswire Alert dated September 2, 2016 (Issue IR-2016-119) for more information.
- Go to IRS e-Services and check your EFIN Activity Report to see if more returns have been filed on your EFIN than you are aware of.
- Check to see if you can tell if the returns in question were submitted at odd hours that are not during normal hours of operation such as overnight or on weekends.
- Were the returns Transmitted on a Monday or Tuesday morning?
- Typically, a thief will remotely steal the client data over the weekend when no one is in the office to notice. They then rework the returns over the weekend, and transmit on a normal business workday just after the weekend.
Your Next Steps If You Confirm Unauthorized Access
- Secure your network.
- Have your IT professional secure your systems, including a "deep scan" for malware or viruses, change all user passwords to strong, unique passwords to prevent additional access.
- Determine unauthorized access.
- Have your IT professional review network and workstation logs to determine the source of unauthorized access. It may be though a remote access program or tool.
- Secure Program User Access.
- Change your password on your Intuit MyAccount, and review users on your MyAccount.
- Disable Compromised EFIN.
- Notify the IRS that your firm identity, including EFIN, may have been compromised and get a new EFIN. Call the e-Services Help Desk at (866) 255-0654 for assistance.
- Carefully review the Data Theft Information for Tax Professionals link on irs.gov, and follow the steps for contacting the IRS and law enforcement: https://www.irs.gov/individuals/data-theft-information-for-tax-profesionals
- Engage IRS.
- Report your client data theft to your local stakeholder liaison at https://www.irs.gov/businesses/small-businesses-self-employed/stakeholder-liaison-local-contacts-1. Liaisons will notify IRS Criminal Investigation and others within the agency on your behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in your clients? names.
- Notify Insurance Carrier.
- Notify your liability insurance carrier to report the incident. They can provide you additional guidance.
- Legal Counsel.
- Notify and seek guidance from your legal counsel regarding your obligations to your clients. You may need to notify clients of the potential identity theft and to alert the Federal Trade Commission at www.Identitytheft.gov.
- Verify New EFIN.
- In order to continue to use our software, you will need to submit your new credentials for EFIN Verification to www.IntuitAccountants.com/EFIN-Facts so we can enable your new EFIN for use with your Customer Account Number.
- DO NOT enter your new EFIN into the tax software until your IT professional has secured your network systems to prevent further unauthorized access.
- File Correct Returns.
- File form 14039, ID Theft Affidavit, with a PAPER-Filed return for each affected SSN as soon as possible, so the IRS has the correct return. This form kicks off several protocols and protections for your clients.
- Client IP PINS.
- Discuss with the IRS Stakeholder Liaison obtaining Identity Protection PINs for all your clients whose personal data may have been accessed to prevent fraudulent tax filings next year: https://www.irs.gov/individuals/the-identity-protection-pin-ip-pin?_ga=1.83156118.1234968964.1463410454
The IRS has other helpful information. We suggest you also review:
- Data Theft Information for Tax Professionals: https://www.irs.gov/individuals/data-theft-information-for-tax-profesionals
- Publication 4557, Safeguarding Taxpayer Data - provides information for reporting incidents and other helpful materials: https://www.irs.gov/pub/irs-pdf/p4557.pdf
- Publication 5199, Tax Preparer Guide to Identity Theft - provides information on how to spot ID Theft, and how to assist victims of ID Theft, with additional resources: www.irs.gov/pub/irs-pdf/p5199.pdf
- Publication 4660, Tips for Safeguarding Taxpayer Data - provides security measures your firm should be following and Privacy and Security Rules that apply to Tax Professionals: www.irs.gov/pub/irs-pdf/p4600.pdf
- IRS Pub. 4535: Identity Theft Prevention and Victim Assistance