Welcome back! Ask questions, get answers, and join our large community of tax professionals.
Showing results for 
Search instead for 
Did you mean: 

Data Theft Next Steps for Tax Professionals


Data Theft Next Steps for Tax Professionals

During your day to day work, you may notice something that leads you to believe you may have been hacked, experienced a breach, data theft or unauthorized persons using your program to file returns.

Clues that might indicate suspicion of Data Theft e-file fraud:

  • Why did the software e-file returns I never submitted?
  • Was there a software update that caused the program to e-file returns automatically?
  • I am getting e-file statuses back for returns I never sent.
  • I am getting acknowledgements back for returns that don?t have a submission ID.
  • Why am I getting incomplete e-file statuses back? (i.e. they do not show any or all of the following statuses in F4: Passed Validation, Ready To Send, or Sent to Lacerte)
  • How can I tell who sent returns from my office?

If the above clues are present, your computer may have been accessed by someone not authorized to do so.  This may have resulted in unauthorized access to your clients? data and to your ProConnect desktop software.

Confirmation Steps

Read the recent IRS Newswire Alert dated September 2, 2016 (Issue IR-2016-119)  for more information.
  • Go to IRS e-Services and check your EFIN Activity Report to see if more returns have been filed on your EFIN than you are aware of.
  • Check to see if you can tell if the returns in question were submitted at odd hours that are not during normal hours of operation such as overnight or on weekends.
  • Were the returns Transmitted on a Monday or Tuesday morning?
    • Typically, a thief will remotely steal the client data over the weekend when no one is in the office to notice. They then rework the returns over the weekend, and transmit on a normal business workday just after the weekend.

Your Next Steps If You Confirm Unauthorized Access

  1. Secure your network.
    • Have your IT professional secure your systems, including a "deep scan" for malware or viruses, change all user passwords to strong, unique passwords to prevent additional access.
  2. Determine unauthorized access.
    • Have your IT professional review network and workstation logs to determine the source of unauthorized access. It may be though a remote access program or tool.
  3. Secure Program User Access.
    • Change your password on your Intuit MyAccount, and review users on your MyAccount.
  4. Disable Compromised EFIN.
    • Notify the IRS that your firm identity, including EFIN, may have been compromised and get a new EFIN.  Call the e-Services Help Desk at (866) 255-0654 for assistance.
  5. Notifications
  6. Engage IRS.
  7. Notify Insurance Carrier.
    • Notify your liability insurance carrier to report the incident. They can provide you additional guidance.
  8. Legal Counsel.
    • Notify and seek guidance from your legal counsel regarding your obligations to your clients.  You may need to notify clients of the potential identity theft and to alert the Federal Trade Commission at www.Identitytheft.gov.
  9. Verify New EFIN.
    • In order to continue to use our software, you will need to submit your new credentials for EFIN Verification to www.IntuitAccountants.com/EFIN-Facts so we can enable your new EFIN for use with your Customer Account Number.
    • DO NOT enter your new EFIN into the tax software until your IT professional has secured your network systems to prevent further unauthorized access.
  10. File Correct Returns.
    • File form 14039, ID Theft Affidavit, with a PAPER-Filed return for each affected SSN as soon as possible, so the IRS has the correct return. This form kicks off several protocols and protections for your clients.
  11. Client IP PINS.

The IRS has other helpful information.  We suggest you also review:

Related Topics:

Was this helpful?

You must sign in to vote, reply, or post