While tax season may be over for some people, others are dealing with the aftermath of data breaches and identity theft. A friend working with a CPA, said out of 350 users they filed returns for, about 30 came back as “already filed” meaning someone has already fraudulently filed with that SSN and claimed the refund. The IRS thinks the CPA is breached.
How prepared is your CPA to handle the “already filed” situation? Is your firm network secured and customers data protected? Are your employees and contractors working with your firm storing sensitive information like SSN and tax information on an unprotected drive? Unfortunately, this is not too uncommon with cyberattacks going up, anyone that is not prepared will get compromised.
HERMITAGE – A Hermitage accounting and tax preparation firm said it’s investigating an “unauthorized individual’’ attempting to file bogus tax returns for some of its clients.
Reed & Dailey Associates said in a statement it saw a pattern with some of its clients’ e-filed tax returns being rejected as duplicates by the IRS, starting about Feb. 21.This tactic usually involves someone using a taxpayer’s personal information and filing under their name before a real return is filed.
“It is not known for certain whether the unauthorized individual filing the returns acquired information from our systems or if the information was obtained elsewhere,’’ the company said. “There are many parties involved in data systems-like software vendors, firewall providers, IT firms, anti-virus providers, and transmission entities.’’
Along with informing clients, Reed said it immediately notified the IRS of the situation as required by regulations and is working with the agency to resolve outstanding client issues. The FBI also has been notified.
To date no “bad guys’’ have been identified, the company said.
While declining to say how many of its clients are affected, Reed & Dailey officials said they are being given guidance based on IRS recommendations. Further, the company has hired cyber security specialists to heighten security on its computer systems.
Some clients rejected for e-filing for duplicate returns have reported attempts of unauthorized access to their bank accounts, Reed said.
“Banks are on high alert and have been wonderful in their cooperation with their clients,’’ the company said. “We are not aware of any clients suffering an actual financial loss at this time.’’
By law, the IRS is empowered to conduct criminal investigations if it detects possible fraud. Citing policy, an IRS spokesman said the agency doesn’t confirm or deny whether there’s an ongoing investigation.
Historically, though, it’s very difficult to locate and prosecute identity thieves.
“Increasingly, tax professionals are being targeted by identity thieves,’’ the IRS website states. “These criminals – many of them sophisticated, organized syndicates – are redoubling their efforts to gather personal data to file fraudulent federal and state income tax returns.’’
Reed & Dailey said despite its challenges, the firm is seeing a rising number of clients.
The company said it appreciated its clients’ understanding.
“They have been nothing but gracious and patient,’’ the firm said. “It’s just another example of our fabulous community that we live in. The good people outweigh the bad by the widest measure possible.’’
Matthew Kaing is the Managing Director at eSudo with 20 years of experience helping small businesses, law firms, insurance brokers, and accountants, to grow more clients through technology, and improve productivity without risking security using proven strategy. Take a free risk assessment or book a complimentary strategy call.