08/13/2019 | Press release | Distributed by Public on 08/13/2019 11:12
IR-2019-143, August 13, 2019
WASHINGTON - The Internal Revenue Service and its Security Summit partners today reminded tax professionals that they should report data theft immediately to the IRS and follow an established process for helping the IRS protect their clients.
If notified promptly, the IRS can help stop fraudulent tax returns from being filed in clients' names, thereby avoiding refund delays and other problems for the affected tax professional. But this action requires the cooperation of the tax professional with the IRS.
The IRS, state tax agencies and the private-sector tax industry are calling on all tax professionals to pause this summer and review their security measures and make appropriate changes. Acting as the Security Summit, the partners created a special 'Taxes-Security-Together' checklist to help tax professionals with this review. Fraudulent returns using stolen tax data are harder to detect.
'Our objective is to get every tax professional to stop and think about client data security. The 'Taxes-Security-Together' Checklist is intended as a starting point, spelling out the basic steps necessary to start a security review,' said Chuck Rettig, IRS Commissioner. Practitioners are the first line of defense against organized criminal syndicates running these identity theft scams. Despite our progress, this is no time to let down our guard in the tax community. We need your help.'
Creating a data theft recovery plan is the fifth and final action item in this summer's Security Summit series. Previous checklist topics included: deploying the 'Security Six' safeguards, creating a written data security plan, educating yourself on phishing scams and recognizing the signs of data theft.
Checklist Item 5: Create a data theft recovery plan
Rather than wait for an emergency, tax professionals should consider creating a data theft recovery plan in advance and make calling the IRS an immediate action item. Having an action plan can save valuable time and protect your clients and yourself. Should a tax professional experience a data compromise - whether by cybercriminals, theft or just an accident - there are certain basic steps to take. These include:
Contacting the IRS and law enforcement:
Contacting states in which the tax professional prepares state returns:
Contacting clients and other services:
The objective of the 'Taxes-Security-Together' Checklist is to ensure all tax professionals, whether a one-person shop or a major firm, understand the risk posed by national and international criminal syndicates, take the appropriate steps to protect their clients and business and understand the laws around their obligation to secure that data.
'The number of tax professionals reporting data thefts to the IRS remains too high, and it puts tens of thousands of taxpayers at risk for identity theft,' Rettig said. 'We hope tax professionals will use the Summit checklist as a starting point, not an end point, to protect their client's data - and themselves. It's not only a good business practice, it's the law.'
Reporting schemes helps everyone
The IRS, states and tax industry share information about scams and schemes through their Identity Theft Tax Refund Fraud Information Sharing and Analysis Center, which allows the partners to rapidly respond to emerging threats. When tax professionals report data thefts to the IRS, it enables the partners to identify new schemes.
The ability to share information about emerging threats is critical to the ability to combat identity theft and refund fraud. Thieves are constantly creating new scams to trick tax professionals and taxpayers into divulging sensitive information.
The Security Summit reminds all tax professionals that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. Get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data (PDF), and Small Business Information Security: the Fundamentals (PDF) by the National Institute of Standards and Technology.
Publication 5293, Data Security Resource Guide for Tax Professionals (PDF), provides a compilation of data theft information available on IRS.gov. Also, tax pros should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.
Reminder: The Taxes-Security-Together Checklist
During this special Security Summit series, the checklist highlighted these key areas: