Our network

What to Do If You Suffer a Data Breach or Other Security Incident | Business

Title (Max 100 Characters)

What to Do If You Suffer a Data Breach or Other Security Incident
Business, Commentary

Tax professionals are increasingly targets of cybercriminals seeking access to client data. Criminals use the stolen information to file fraudulent tax returns for refunds. Be prepared to protect your clients and yourself by taking a few critical steps.

Should you experience a data compromise, there are certain basic steps you should take. For a comprehensive list of security actions, consult a security professional. Also see Data Theft Information for Tax Professionals on IRS.gov.

Preliminary steps include:

Contact the IRS and law enforcement:

  • Internal Revenue Service - Report client data theft to your local IRS Stakeholder Liaison. Liaisons will notify IRS Criminal Investigation and others within the agency on your behalf. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in your clients’ names.
  • Federal Bureau of Investigation – Contact your local office.
  • Secret Service – Contact your local office (if directed).
  • Local police – File a police report on the data breach.

Contact states in which you prepare state returns:

  • State Tax Agencies - Contact each state in which you prepare returns
  • State Attorneys General - Contact each state in which you prepare returns. Most states require that the attorney general be notified of data breaches. This notification process may involve multiple offices.

Contact experts:

  • Security expert – They can determine the cause and scope of the breach, what to do to stop the breach and prevent further breaches from occurring.
  • Insurance company – Report the breach and check if your insurance policy covers data breach mitigation expenses.

Contact clients and other services:

  • Federal Trade Commission offers tips and templates for businesses that suffer data compromise, including suggested language for informing clients.
  • Clients – Send an individual letter to victims to inform them of the breach but work with law enforcement on timing. Remember that you may need to contact former clients if their prior year data was still in your system.
  • Your tax software provider – They may need to take steps to prevent inappropriate use of your account for e-filing.
  • Your web site/client portal provider(s) – It’s possible that your firm and client passwords may have been compromised and need to be reset.
  • Federal Trade Commission offers tips and templates for businesses that suffer data compromise, including suggested language for informing clients.
  • Credit/ID theft protection agency - Certain states require offering credit monitoring/ID theft protection to victims of ID theft.
  • Credit bureaus – Notify them if there is a compromise. Clients may seek their services.

The IRS reminds tax professionals that toll-free assisters cannot accept third-party notification of tax-related identity theft. Clients should file a Form 14039, Identity Theft Affidavit, only if their electronic return is rejected as a duplicate or they are directed to do so.

This information is not intended to be a substitute for specific, individualized tax advice as individual situations will vary.  Royal Alliance Associates, Inc., Georgetown Capital and its advisors are not engaged in rendering tax advice.

These links are provided as a convenience and for informational purposes only. We assume no liability for any inaccuracies, errors or omissions in or from any data or other information provided on the pages, or for any actions taken in reliance on any such data or information.

Prepared by the IRS.  For more information go to www.irs.gov.

Securities and investment advisory services may not be available in all states.

Representatives offer Securities and Advisory Services through Royal Alliance Associates, Inc., member FINRA/SIPC and a registered investment advisor.

Insurance services offered through Georgetown Capital Group, which is independent of Royal Alliance Associates, Inc. with separate ownership, and is not registered as a broker-dealer or investment advisor.

 Joseph V. Curatolo, President of Georgetown Capital Group

5350 Main Street, Williamsville, NY 14221

Phone #(716) 633-9800  Toll Free 1 (800) 648-8091  Fax #(716) 633-9789


Business, Commentary

Williamsville Deals

Williamsville Businesses