How to Handle a Data Breach

Posted on February 8, 2017 · Posted in Breaking News, Industry News, Latest Updates, Practice Management

2/8/17 – Tax season has begun, and tax professionals are increasingly being targeted by identity thieves. Return preparers must be vigilant for suspicious activity, since a thief who breaches the data of one preparer can gain access to hundreds or thousands of taxpayers’ data. One way you can monitor for suspicious activity is to check how many federal tax returns have been filed with your Electronic Filing Identification Number (EFIN).

The IRS recommends that you routinely verify the number of returns submitted under your EFIN, and be especially observant during filing season. You can verify your EFIN through IRS e-Services. Just log in to your e-Services account, and follow these steps to verify the number of returns electronically filed with the IRS:

  1. Select your name.
  2. In the left banner, select “Application.”
  3. In the left banner, select “e-File Application.”
  4. Select your name again.
  5. In the listing, select “EFIN Status,” and on this screen you can see the number of returns filed based on return type.

Your e-Services account will give you the number of returns the IRS received, which you can match to your records. The statistics are updated weekly. Please contact the IRS e-help Desk at 866-255-0654 if you see a significantly higher volume than you transmitted.

The IRS has also identified some preliminary steps return preparers should take if their data is compromised.

Contact the IRS and law enforcement:

  • Internal Revenue Service – report client data theft to your local IRS Stakeholder Liaison. Liaisons will notify IRS Criminal Investigation and others within the agency on your behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in your clients’ names.
  • Federal Bureau of Investigation – contact your local office.
  • Secret Service – contact your local office (if directed).
  • Local police – file a police report on the data breach.

Contact states in which you prepare state returns:

  • State tax agencies – contact each state in which you prepare returns.
  • State Attorneys General – most states require that the Attorney General be notified of data breaches. This notification process may involve multiple offices.

Contact experts:

  • Security expert – a security expert can determine the cause and scope of the breach, what to do to stop the breach and prevent further breaches from occurring.
  • Insurance company – report the breach and check if your insurance policy covers data breach mitigation expenses.

Contact clients and other services:

  • Federal Trade Commission – get tips and templates for businesses that suffer data compromise, including suggested language for informing clients.
  • Clients – send an individual letter to victims to inform them of the breach, but work with law enforcement on timing. Remember that you may need to contact former clients if their prior year data was still in your system.
  • Your tax software provider – they may need to take steps to prevent inappropriate use of your account for e-filing.
  • Your web site/client portal provider(s) – it’s possible that your firm and client passwords may have been compromised and need to be reset.
  • Credit/ID theft protection agency – certain states require offering credit monitoring/ID theft protection to victims of ID theft.
  • Credit bureaus – notify them if there is a compromise. Clients may seek their services.

For a comprehensive list of security actions, consult a security professional. Also see Data Theft Information for Tax Professionals on

The IRS reminds tax professionals that toll-free assisters cannot accept third-party notification of tax-related identity theft. Clients should file a Form 14039, Identity Theft Affidavit, only if their electronic return is rejected as a duplicate or they are directed to do so.