IRS sees spike in data breaches for tax pros this year

The Internal Revenue Service, along with its Security Summit partners at state tax authorities and tax prep companies, urged tax professionals and taxpayers Friday to use the free, multi-factor authentication feature offered on tax preparation software products, as nearly two dozen tax practitioner firms have reported data thefts to the IRS so far this year.

The IRS noted that use of multifactor authentication is a free, simple way for tax practitioners to protect their clients and their own firms’ offices from data theft. Tax software vendors also provide free multi-factor authentication protections on their Do-It-Yourself products for taxpayers.

“The IRS, state tax agencies and the private-sector tax industry have worked together as the Security Summit to make sure the multi-factor authentication feature is available to practitioners and taxpayers alike,” said Kenneth Corbin, commissioner of the IRS Wage and Investment division in a statement Friday. “The multifactor authentication feature is simple to set up and easy to use. Using it may just save you from the financial pain and frustration of identity theft.”

Multifactor authentication should be familiar by now to many users of web and mobile applications. It means returning users need to enter their username and password credentials, along with another data point that only they know, such as a security code sent to their mobile phone. For example, thieves may steal passwords but will be unable to access the software accounts without the mobile phones to receive the security codes.

Multifactor authentication protections are now offered by many financial institutions, email providers and social media networks to safeguard online accounts. Users should always opt for multifactor authentication when it’s offered, but particularly with tax software because of the sensitive data held in the software or online accounts.

The IRS also reminded tax pros to beware of phishing scams frequently used by cyber thieves to get control of their computers. Fraudsters may claim to be a potential client, a cloud storage provider, a tax software vendor or even the IRS in their effort to convince tax pros to download malware attachments or open links. The scams typically come with an urgent message, implying there are issues with the tax professionals’ accounts that demand immediate attention.

The IRS also reminded tax practitioners that they can keep tabs on the number of returns filed with their Electronic Filing Identification Number (EFIN) every week. That helps ensure EFINS are not being misused. They can visit the IRS e-Services, page access the EFIN application and select EFIN status to view a weekly total of returns filed using the EFIN. If there seem to be be too many returns, tax pros should contact the IRS immediately.

For more information, visit the Identity Theft Information for Tax Professionals page, along with Publication 4557, Safeguarding Taxpayer Data, provides a comprehensive overview of steps to protect computer systems and client data.

IRS building 2
A woman walks out of the Internal Revenue Service (IRS) headquarters building in Washington, D.C., U.S., on Wednesday, Feb. 17, 2016. Taxpayers have until Monday, April 18 to file their 2015 tax returns and pay any tax owed. Photographer: Andrew Harrer/Bloomberg
Andrew Harrer/Bloomberg

For reprint and licensing requests for this article, click here.
Cyber security Data breaches IRS Tax scams Tax crimes Malware Authentication Identity theft Identity theft protection
MORE FROM ACCOUNTING TODAY