Intuit HelpIntuit
Data theft next steps for tax professionals
by Intuit•1• Updated 5 months ago
During your day-to-day work, you might notice something that indicates you might have been hacked, experienced a breach, data theft or have had unauthorized individuals using your program to file returns. Review the following to determine suspicion and next steps.
Clues that might indicate suspicion
If any of the following have happened, your account or computer might have been accessed by someone not authorized, resulting in unauthorized access to your client’s data and to your software.
- The software e-filed returns you never submitted.
- You’re getting e-file statuses back for returns you never sent.
- You’re getting acknowledgements back for returns without a submission ID.
- You’re getting incomplete e-file statuses back. For example, they don’t show any or all of the following statuses in F4: Passed Validation, Ready to Send, or Sent to Lacerte.
- Returns were submitted at odd hours that aren't during your normal hours of operation. Typically, a thief will remotely steal client data over the weekend when no one is in the office to notice, then will rework the returns over the weekend and send them on a business workday.
To confirm unauthorized access
- Go to IRS e-Services and locate your EFIN Activity Report to see if returns have been filed on your EFIN that you weren't aware of.
- Secure your network.
- Have your IT professional secure your system, including a deep scan for malware or viruses.
- Change all user passwords to strong, unique passwords to prevent additional access.
- Determine unauthorized access.
- Have your IT professional review network and workstation logs to find the source of unauthorized access; it may be through a remote access program or tool.
- Secure program user access.
- Change your password on your Intuit MyAccount, and review the users listed.
- Disable compromised EFIN.
- Notify the IRS that your firm identity, including EFIN, may have been compromised and get a new EFIN. Call the IRS e-Services Help Desk.
- Review IRS recommendations.
- Carefully review Data Theft Information for Tax Professionals and follow the steps for contacting the IRS and law enforcement.
- Engage the IRS.
- Report your client data theft to your local stakeholder liaison. Liaisons will notify IRS Criminal Investigation and others within the agency on your behalf. Speed is critical and if reported quickly, the IRS can take steps to block fraudulent returns made in your client’s names.
- Notify your insurance carrier.
- Contact your liability insurance carrier to report the incident and they can provide you with additional guidance.
- Notify legal counsel.
- Seek guidance from legal counsel regarding obligations to your clients. You may need to notify clients of the potential identity theft and alert the Federal Trade Commission at IdentityTheft.gov.
- Verify new EFIN.
- To continue using our software, you'll need to send your new credentials for EFIN verification, so we can enable your new EFIN for use with your Customer Account Number.
- Don’t enter your new EFIN into the tax software until your IT professional has secured your network systems to prevent further unauthorized access.
- File correct returns.
- File Form 14039, ID Theft Affidavit, with a paper-filed return for each affected SSN as soon as possible so the IRS has the correct return. This form kicks off several protocols and protections for your clients.
- Obtain Client IP PINs.
- Contact your IRS Stakeholder Liaison about obtaining Identity Protection PINs for all of your clients whose personal data may have been accessed to prevent fraudulent tax filings next year.
- Data Theft Information for Tax Professionals: https://www.irs.gov/individuals/data-theft-information-for-tax-profesionals
- Publication 4557, Safeguarding Taxpayer Data - provides information for reporting incidents and other helpful materials: https://www.irs.gov/pub/irs-pdf/p4557.pdf
- Publication 5199, Tax Preparer Guide to Identity Theft - provides information on how to spot ID theft, and how to assist victims of ID theft, with additional resources: www.irs.gov/pub/irs-pdf/p5199.pdf
- Publication 4600, Tips for Safeguarding Taxpayer Data - provides security measures your firm should be following and privacy and security rules that apply to tax professionals: www.irs.gov/pub/irs-pdf/p4600.pdf
- IRS Pub. 4535: Identity Theft Prevention and Victim Assistance
Related Topics:
You must sign in to vote.
Sign in now for personalized help
Ask questions, get answers, and join our large community of Intuit Accountants users.
More like this
- Common questions about Corporate Casualty of Theft in ProConnect Taxby Intuit•Updated over 1 year ago
- Managing online fraud and identity theftby Intuit•14•Updated August 07, 2024
- Tax Protection Plus and ID Theft Restorationby Intuit•26•Updated April 22, 2024
- Generating Form 4684 casualty or theft loss for an individual return in ProConnect Taxby Intuit•7•Updated October 01, 2024