During your day-to-day work, you might notice something that indicates you might have been hacked, experienced a breach, data theft or have had unauthorized individuals using your program to file returns. Review the following to determine suspicion and next steps.
Clues that might indicate suspicion
If any of the following have happened, your account or computer might have been accessed by someone not authorized, resulting in unauthorized access to your client’s data and to your software.
- The software e-filed returns you never submitted.
- You’re getting e-file statuses back for returns you never sent.
- You’re getting acknowledgements back for returns without a submission ID.
- You’re getting incomplete e-file statuses back. For example, they don’t show any or all of the following statuses in F4: Passed Validation, Ready to Send, or Sent to Lacerte.
- Returns were submitted at odd hours that aren't during your normal hours of operation. Typically, a thief will remotely steal client data over the weekend when no one is in the office to notice, then will rework the returns over the weekend and send them on a business workday.
To confirm unauthorized access
- Go to IRS e-Services and locate your EFIN Activity Report to see if returns have been filed on your EFIN that you weren't aware of.
If you've confirmed unauthorized access
- Secure your network.
- Have your IT professional secure your system, including a deep scan for malware or viruses.
- Change all user passwords to strong, unique passwords to prevent additional access.
- Determine unauthorized access.
- Have your IT professional review network and workstation logs to find the source of unauthorized access; it may be through a remote access program or tool.
- Secure program user access.
- Change your password on your Intuit MyAccount, and review the users listed.
- Disable compromised EFIN.
- Notify the IRS that your firm identity, including EFIN, may have been compromised and get a new EFIN. Call the IRS e-Services Help Desk.
- Review IRS recommendations.
- Engage the IRS.
- Report your client data theft to your local stakeholder liaison. Liaisons will notify IRS Criminal Investigation and others within the agency on your behalf. Speed is critical and if reported quickly, the IRS can take steps to block fraudulent returns made in your client’s names.
- Notify your insurance carrier.
- Contact your liability insurance carrier to report the incident and they can provide you with additional guidance.
- Notify legal counsel.
- Seek guidance from legal counsel regarding obligations to your clients. You may need to notify clients of the potential identity theft and alert the Federal Trade Commission at IdentityTheft.gov.
- Verify new EFIN.
- To continue using our software, you'll need to send your new credentials for EFIN verification, so we can enable your new EFIN for use with your Customer Account Number.
- Don’t enter your new EFIN into the tax software until your IT professional has secured your network systems to prevent further unauthorized access.
- File correct returns.
- File Form 14039, ID Theft Affidavit, with a paper-filed return for each affected SSN as soon as possible so the IRS has the correct return. This form kicks off several protocols and protections for your clients.
- Obtain Client IP PINs.
- Contact your IRS Stakeholder Liaison about obtaining Identity Protection PINs for all of your clients whose personal data may have been accessed to prevent fraudulent tax filings next year.
Related Topics:
