IRS Tax Tip 2023-106, Aug. 30, 2023 Anyone can be a target of cybercriminals and scammers. Unfortunately, tax professionals can seem like the big fish in a sea of potential targets because of how much financial data they use to conduct their business. Even a careful, prepared tax pro may fall victim to a crime. If that happens, there are several key things they should do to protect their clients and their business. Their clients It is vitally important that tax professionals inform all their clients of a breach and encourage them to apply to the IRS for an Identity Protection Personal Identification Number, or IP PIN. The Electronic Tax Administration Advisory Committee called the IP PIN, "The number one security tool currently available to taxpayers from the IRS." Preparers should work with law enforcement to determine when it's best to send an individual letter to all potential victims to inform them of a breach. How to report a data breach Contact the IRS – The tax preparer should report client data theft to their local IRS Stakeholder Liaison. The liaison will notify IRS Criminal Investigation and others within the agency on the tax professional's behalf. If reported quickly, the IRS can take steps to block fraudulent returns in clients' names. Call local police – The taxpayer should contact police to file a report on the data breach. File a complaint with the FBI's Internet Crime Complaint Center. File a report with the nearest office of the Secret Service. To help tax professionals find where to report data security incidents at the state level, the Federation of Tax Administrators has created a special page with state-by-state listings. The preparer should contact the attorneys general for each state in which the tax professional prepares returns. Help from other experts Security expert – Tax preparers should consult an expert who can help determine the cause and scope of the breach to stop the breach and prevent further breaches from occurring. Insurance company – Tax preparers should report the breach to their insurance company and check if the insurance policy covers data breach mitigation expenses. Federal Trade Commission – Preparers and other businesses can go to the FTC for guidance. For more individualized guidance, preparers can email the FTC. Credit and identity theft protection agency – Certain states require that preparers offer credit monitoring and identity theft protection to victims of identity theft. Credit bureaus – Preparers should notify them if there is a compromise and clients may seek their services. Review security measures used to protect client data Data protection is key in helping avoid data breaches. To help tax pros protect their clients and their business, the IRS, state tax agencies and the tax industry partners who make up the Security Summit created a Taxes-Security-Together Checklist. Whether a one-person shop or partner in a large firm, everyone can take several relatively simple steps to protect their clients and their business data. Subscribe to IRS Tax Tips