Protect clients from tax fraud after a data breach

The National Public Data breach, which exposed 272 million taxpayer identification numbers and 2.9 billion records this summer, has created a significant risk of tax-related identity theft this tax season. Most taxpayers are now vulnerable to tax return fraud and other financial abuses.

Financial planners now face the challenge of guiding clients through the aftermath of this data disaster, educating them about cybersecurity risks and helping them take practical steps to protect their financial data.

Kevin Knull, President of TaxStatus

NPD disorder should be of concern to everyone given the sheer number TIN displayed together with names, addresses and telephone numbers. NPD, Consumer Data Broker declared bankrupt It also accidentally shared passwords to its internal systems after a breach earlier this month, allowing hackers to access reams of sensitive taxpayer data.

The breach highlights the urgent need for more robust customer protection strategies beyond a simple credit monitoring recommendation. Be it through enhanced security measures, ongoing training or technological solutionsfinancial planners must consider the long-term impact of breaches on their clients’ financial picture.

Many fraudulent returns

One of the most serious consequences of identity theft following an NPD breach is the increased likelihood that criminals will use stolen taxpayer identification numbers to file false and fraudulent returns. Fraudsters can claim large refunds long before the legitimate taxpayer files and becomes aware of the problem.

The IRS is actively fighting this type of fraud through its stolen identity fraud implementation initiatives. In 2023 alone, the IRS reported more than 5 million suspicious returns, blocking $8 billion in fraudulent refund claims.

But given the number of taxpayer identification numbers exposed through NPD breaches, that number is likely to represent only a fraction of the volume of fraud this coming tax season.

Imagine a scenario where a cybercriminal files a fraudulent return on January 2, 2025, and your client doesn’t file by the extension date of October 15. It is very likely that the IRS will not discover the fraud until your customer returns. filed, by that time the refund money had long since run out. Your client and the CPA need to sort out the mess while the IRS investigates the situation.

Consequences for individuals and enterprises

Abuse of taxpayer identification numbers can go away far beyond fraudulent reimbursement.

Criminals can use TINs for a variety of illegal activities, such as opening unauthorized credit accounts; submitting job applications (which then generate real taxes for a real taxpayer); applying for unemployment benefits, social insurance, medical care or other forms of state assistance. When these fraudulent claims are discovered, the legitimate taxpayer often has to deal with the consequences, including long delays in receiving their legitimate benefits or refunds.

For businesses, the disclosure of Employer Identification Numbers (EINs) can lead to fraud on a much larger scale, given the amount of money the business generates or credit offered to the business. For example, business owners may find themselves responsible for tax returns they never filed or even loans they never applied for. In addition to financial damage, it can also threaten business continuity and reputation.

Councilors take the initiative

Protecting clients from tax-related identity theft involves a combination of robust security practices, fraud prevention training, and solutions to more effectively monitor client accounts.

Here are some key strategies that financial advisors can share with their clients.

Improve security practices. Encourage customers to take more stringent security measures, including using unique complex passwordsand enable multi-factor authentication where possible. These steps will help prevent unauthorized access to financial information.

View the IRS Notice. Advise clients to regularly review any notices they receive from the IRS. Fraudulent activity sometimes prompts formal IRS correspondence, and catching it early can help stop fraud before it starts.

Control financial accounts. Advise customers to monitor their bank and credit accounts for suspicious activity. Although not directly relevant to tax returns, it is an important component of overall financial security and can help detect wider fraud schemes.

Serve early. The sooner a legal declaration is submitted, the fewer chances criminals will have to submit a false one instead.

Vigilance, education and technical means

While traditional fraud monitoring and prevention methods are important, a technological solution can offer a much higher level of protection. Some platforms now provide real-time viewing of IRS account activity that can detect suspicious behavior, such as tax return filings, refunds or address changes, and offer early notification of any IRS fraud alerts.

When used as part of a broader strategy, these tools can help advisors anticipate potential risks.

Monitoring solutions can alert advisors and their clients to unusual activity, allowing them to respond more quickly to potential fraud. It also strengthens the advisor’s role as an advocate for the financial health of their clients, strengthening trust in the advisory relationship.

However, it is important to emphasize that these tools should complement, not replace, standard financial security practices. Encouraging customers to take a proactive, multi-layered approach to fraud prevention will always be the best defense against identity theft.

By offering a combination of training, robust security practices and technology solutions, advisors can help reduce the risks associated with breaches and help protect their clients’ financial information. Financial advisors who help their clients overcome these challenges demonstrate not only their expertise, but also their dedication to protecting their clients’ financial security.