Skip to main content
Text Resize
Wednesday July 24, 2024

Washington News

Washington Hotline

Tax Professionals Must Protect Client Data from Identity Theft

The Internal Revenue Service (IRS) recently joined together with its Security Summit partners to announce a new campaign. The "Protect Your Clients; Protect Yourself" campaign focuses on assisting tax professionals.

IRS Commissioner Danny Werfel noted, "Tax professionals also form a critical part of our defenses. The sensitive financial and tax information they hold is a tempting target. It is critical that those handling sensitive tax information, especially smaller practices, stay current and keep their systems safe."

The IRS urges tax professionals to take basic security steps. Criminal syndicates that target tax professionals are very tech-savvy. They hack their way into tax preparers' computer systems to access client data. It is important for tax professionals to have strong firewalls and protection. If a fraudster gains access, he or she can use stolen client data to file fraudulent tax returns. Commissioner Werfel notes it is difficult for the IRS to detect these fraudulent returns because they are based on actual client financial information.

The Security Summit suggests several specific strategies that tax professionals should use to protect client data.
  1. Create a Security Plan — Each tax preparer should have a Written Information Security Plan (WISP). The Security Summit organizations create a standard version of WISP. They also teach the benefits of this plan at five IRS Nationwide Tax Forums.
  2. Identity Protection PINs — All taxpayers who can verify their identity online may now obtain an IP PIN. The IRS online tool "Get an IP PIN" on is also helpful. This IP PIN will help to protect client identities.
  3. Spear-phishing and Whaling — The IRS warns that spear-phishing and whaling are not recreational activities. Spear-phishing is an email scam that is used to trick the tax professional. Whaling is a phrase for a hacker attacking a potential lucrative target. The data of many clients is a large target or "whale" with great potential benefit for the fraudster. Client records typically include passwords, bank account numbers, credit card numbers and Social Security numbers.
  4. Signs of Identity Theft — There have been multiple identity thefts that were not recognized by tax professionals. The signs of a theft include multiple clients who receive IRS letters requesting confirmation they filed a tax return. It is a warning signal if the IRS reports show that the professional has filed more returns than he or she has clients. Finally, be on guard if the computer curser moves on its own.
  5. Working From Home or Traveling — Many tax professionals now work from home or while traveling. If working remotely, it is essential to have a virtual private network (VPN) and computer virus software plus a firewall to protect both the tax preparer and clients. Through cyber-smart tactics, tax professionals can make it much more difficult for a fraudster to hack into your system and steal client data.
There will be Nationwide Tax Forums this year in Atlanta on July 25-27, Washington DC on August 8-10, San Diego on August 22-24 and Orlando on August 29-31. More information on the forums can be found on A major goal of the forums is to help tax preparers understand the Written Information Security Plan.

Published July 14, 2023

Previous Articles

2023 IRS Dirty Dozen - Part II

2023 IRS Dirty Dozen - Part I

National Taxpayer Advocate Reports IRS Improvements

Protect Yourself from AI Senior Scams

IRS Wants to Pay $1.5 Billion in Refunds