You have 4 free post views remaining. Please consider logging in.

What Your CPA Must Know in the aftermath of the IRS data breach






What Your CPA Must Know in the aftermath of the IRS data breach



View this email in your browser

Anyone remember former IRS contractor Charles Littlejohn? He received a five-year prison sentence for organizing one of the largest data thefts in the history of the federal government. 

His crime involved the illicit acquisition and distribution of sensitive data from the IRS, targeting some of the wealthiest individuals and entities in the United States. This breach both exposed the personal tax information of thousands but also highlighted vulnerabilities within IRS’s systems. More than four years after the incident, the agency has only just begun notifying affected taxpayers. How many class actions have I written on where individuals were outraged that they weren’t notified for a much shorter period – 6-9 months?

As trusted advisors, tax professionals and accounting firms have a responsibility to help lead their clients through this crisis and take proactive steps to help protect their sensitive information.

Littlejohn used his position within the IRS to access and illegally copy tax returns and related documents, which he then provided to the investigative news site ProPublica. This breach has significant implications, not only because of the sensitivity of the data involved but also due to the delayed notification to the affected taxpayers, which only started in April 2024, long after the breach was discovered and following Littlejohn’s sentencing. 

The extent of how many taxpayers were affected by the breach was unknown until now. Littlejohn admitted taking tax information from thousands of wealthy Americans between 2018 and 2020. It’s the largest documented data theft at the IRS in history. We expect several additional lawsuits from taxpayers who were not previously aware that their information was compromised.

Republicans on the House Ways and Means Committee introduced the Taxpayer Data Protection Act (H.R. 8292) recently in response to the lenient one-year prison sentence and $5,000 fine imposed on Littlejohn. The proposed legislation seeks to significantly increase the penalties for unauthorized disclosure of tax information. Currently, the maximum penalty is a $5,000 fine and five years in prison. The new bill would raise the maximum fine to $250,000 and increase the potential prison sentence to 10 years. WE are often asked WHY penalties remain so out of touch with the triggering actions. Sadly, our only reply is to bombard Congress with demands for increased accountability and punishment.

Additionally, it clarifies that each instance of a taxpayer’s data being disclosed unlawfully constitutes a separate violation of the law. In Littlejohn’s case, although data from thousands of taxpayers was stolen, he faced only a single count of unauthorized disclosure. This limited the judge to the current five-year maximum sentence. Remember that judges can only interpret and follow the law, NOT create it! Under the new bill, Littlejohn could have been charged with thousands of violations one for each taxpayer affected — allowing for a much harsher sentence.

As tax professionals, it’s our responsibility to guide our clients through the aftermath of this breach. Here are specific actions to consider:

  • Recommend clients apply for an IP PIN, A common tactic following a data breach is for criminals to use stolen Social Security numbers to file fraudulent tax returns and claim refunds. An Identity Protection Personal Identification Number can help prevent this. The IP PIN is a six-digit number assigned by the IRS that must be used when filing a return to block identity thieves. Encourage all your clients affected by the breach to apply for an IP PIN through the IRS website at irs.gov/ippin. Remind them to keep their IP PIN secure and never share it, even with you.
  • Obtain and review client tax transcripts, The IRS maintains detailed transcripts of each client’s tax filings, payments, and other account activity. Regularly reviewing these transcripts can uncover any suspicious or fraudulent activity. Advise clients to request their tax transcripts through the IRS Get Transcript service and review them carefully for any irregularities. As their tax preparer, you can also obtain transcripts on their behalf to monitor their accounts. If you identify any issues, work quickly with the client and the IRS to address them.
  • Recommend freezing credit and/or use identity protection monitoring services. While an IP PIN and tax transcript review can safeguard against tax-related fraud, clients also need protection from other identity theft risks, such as fraudulent loan applications. Encourage them to enroll in an identity-monitoring and restoration service from a reputable provider like us. Be wary of those that simply monitor and NOT restore. Our services also scan the dark web, public records and other sources to detect any suspicious activity linked to the client’s personal information and provide insurance and assistance if identity theft does occur. In addition, consider suggesting they freeze their credit with the three credit bureaus — TransUnion, Equifax, and Experian.
  • Consider legal action. Some clients may want to explore legal action against the IRS or other parties responsible for the data breach. High-profile figures like hedge fund Citadel CEO Kenneth Griffin (in the case Griffin v. Internal Revenue Service et al) have already filed lawsuits, alleging the IRS failed to properly secure taxpayer data. Advise clients that under the Internal Revenue Code, they have two years from the date they discovered the breach to file a lawsuit. As their advisor, you can provide guidance on the process and help connect them with legal counsel.
  • Strengthen your firm’s cybersecurity. This breach is a stark reminder that tax professionals and accounting firms are prime targets for cybercriminals. It’s crucial to take steps to secure your own systems and data to protect both your clients and your practice. Start by conducting a comprehensive security risk assessment to identify your firm’s most sensitive data and vulnerabilities (which we can assist with) Implement robust data protection measures, such as encryption, access controls, and secure backup and disposal procedures. Ensure all devices, software and networks are kept up to date with the latest security patches. Consider engaging a cybersecurity specialist like us to assist with these efforts. Many professional liability insurers also offer guidance and resources to help accounting firms strengthen their defenses. 

The IRS data breach has further shaken the public’s trust in the tax system. As tax professionals, we have a critical role to play in helping our clients protect their confidential data. We should encourage clients to proactively monitor their tax and financial accounts. and assist them in obtaining transcripts, applying for IP PINs and addressing any suspicious activity. In an era of escalating cyber threats, proactive risk management is essential to protect both your firm and your clients.

Stay vigilant and proactive!

Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com
LinkedIn
to subscribe to Cyber Insights Today
to subscribe to LinkedIn Newsletter Cyber Security

Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
 
 

Twitter

Facebook

Website

Copyright © 2024 Richard Freiberg CPA PC, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp


cyberinsights
Author:

Comments from the Peanut Gallery

1 thought on “What Your CPA Must Know in the aftermath of the IRS data breach”

Leave a Comment

Categories

Recent Articles

Scroll to Top

Our goal is to help people in the best way possible. this is a basic principle in every case and cause for success. contact us today for a free consultation. 

Practice Areas

Newsletter

Sign up to our newsletter