Discussion:E-file hacking

From TaxAlmanac, A Free Online Resource for Tax Professionals
Note: You are using this website at your own risk, subject to our Disclaimer and Website Use and Contribution Terms.

From TaxAlmanac

Jump to: navigation, search

Discussion Forum Index --> Tax Questions --> E-file hacking


CrowCPA (talk|edits) said:

9 March 2013
I just learned that a client's state return was hacked. This was a South Carolina return, and I guess all 2011 SC returns were compromised. I only do a couple of returns each year for that state, but if it happened there, it could also happen elsewhere.

This taxpayer expressed his preference to NOT efile his state return for 2012 and I agreed immediately. I also made it clear that he can opt out of efiling the federal return and explained that it must be his decision.

I think we, as tax practioners, should make the paper filing option clear to our clients. I know I have not done this well enough. I have explained that efiling is "mandatory" for preparers who do more than a few returns and asked "is that OK with you?" From now on I will make it more clear that they can opt out and that there are risks associated with efiling.

How do others feel about this, particularly if you have clients in South Carolina?

Trillium (talk|edits) said:

9 March 2013
Since "hacked" has come to be a word with multiple meanings (and thus multiple implications), here is the SC announcement, which explains a bit more (but not a lot more) about what happened:

SC DOR was the victim of a cyber attack in mid-Sept 2012.

I seem to remember that we had a prior discussion about this, and from that (or somewhere) I got the impression that it wasn't the e-filing that was the problem. If you paper filed with SC, they then transcribed that personal info into their computer database, and so it was equally at risk. Somebody correct me if I'm remembering that incorrectly, thanks.


Adding: The info I posted above is not intended to minimize in any way the damage suffered by your client and the other 3.6m people who had their SSNs and other data exposed - this is a huge issue.

Gazoo (talk|edits) said:

9 March 2013
This is a Spy vs. Spy thing. There will always be the hacked and the hackers. The information industry will make sure of it. We are but hampsters on the wheel. We buy product X and hardware Y, but two months later it has problem Z; we are then told to buy product A and hardware B, and before long it has problem C. The point is you are on the wheel. You are talking and worrying and buying.

No use to get upset about it. Continue as usual. Mind and don't make trouble. This is the productive age.

Cosmo123 (talk|edits) said:

9 March 2013
Anyone who has filed in SC can and should sign up for the free credit monitoring, Protect my ID. Very easy process, just a few steps- comes with identity theft insurance.

Gazoo (talk|edits) said:

9 March 2013
There is a new industry and a new expense: identity theft insurance.

Cosmo, I'd like to think it's free... but I'm wary. It could be one of those deals where it's free for a year, then it jumps to $100.

CrowCPA (talk|edits) said:

9 March 2013
My client told me that he has free credit monitoring through the state of SC for one year. He feels that one year is not a sufficient period of time.

Trillium, do I understand you correctly, that this problem was not just associated with e-filing but with all SC returns?

Gazoo (talk|edits) said:

9 March 2013
One year! How "generous". It's the least they could do. Remember, this was the state that started the Civil War and tried to welch on it's reparations when it was over.

CrowCPA (talk|edits) said:

9 March 2013
Fortunately, this client is financially astute.

CrowCPA (talk|edits) said:

9 March 2013
Gazoo - good point. I shall remain in New England for the remainder of my days. This is just one more reason to do so.

Cosmo123 (talk|edits) said:

9 March 2013
Yes, SC had a data breach. You may be right about the one year gig, but no credit card is on file. The sign up takes two minutes.

Trillium (talk|edits) said:

9 March 2013
CrowCPA: That is my recollection, but I am hoping that someone with more direct knowledge of the issue will confirm that. I do know that the group eligible for the free one-year ID theft protection service includes anyone who filed a SC return between 1998 and 2011.

Also, I had read in a news article that the 3.6m people who were known to have been part of the data accessed in the cyber attack have been informed that they're eligible for lifetime ID theft protection - it sounds like that may have been incorrect. Or I suppose your client may have been in the group that was at risk, but not actually exposed - since that "at risk but not exposed" group only got the one-year deal, AFAICT.

Ckenefick (talk|edits) said:

9 March 2013
SC has had more than one of its agencies hacked. Investigation revealed the SCDOR had like one guy on its staff in charge of its entire security system, if we could call it that. Anyway:

I'll quote it again...

This quote is from this link, January, 2013 Journal of Accountancy article:

http://www.journalofaccountancy.com/Issues/2013/Jan/20126243

Be aware that e-filing makes targeted audits easier. Congress says e-filing allows the IRS to “target returns with audit potential” (Report JCS-1-08), and the IRS estimated four years ago that “if [paper return] screeners could be reallocated to performing audits, they could bring [in] an additional $175 million annually” (Government Accountability Office, Rep’t No. GAO-08-38).

It is my opinion that if you believe e-filing is a one way street, purely beneficial to the taxpayer, you are mistaken and you are a victim of IRS brain-washing. This SCDOR debacle is largely irrelvant to my position here. All you have to do is read the e-file opt out statement..."I understand that electronic filing may provide a number of benefits to taxpayers...."

How come the opt-out doesn't state anything like, "It's easier for us to identify you as an audit target if you e-file. Please see TIGTA's report." Or, "Do you ever wonder how we can so quickly spit out statistics of "bad boy" preparers?" Or, "Much more return information is transcribed into the IRS' database with an e-filed return when compared to a paper-filed return."

JAD (talk|edits) said:

9 March 2013
I agree with Ck and Crow and I discuss this at length with my clients. Many are so technologically connected that they cannot fathom that e-file might be in the IRS's best interests, but not their own. I include the e-file opt out in my questionnaire, and this year I included this lead in:

If you don't want to e-file, please sign, date, and return this statement to me. The IRS loves e-file. Another CPA presented the other side of e-file in a Wall Street Journal editorial on January 14, 2013, which is available online. The article is titled, "E-Filing and the Explosion in Tax-Return Fraud." The author discussed the increased risk of identity theft due to the use of e-file by the crooks and the IRS's unwillingness to make available an option that would easily allow us to protect ourselves. The article touches on the audit and administrative benefits to the IRS when we e-file and the impact on the taxpayers. As always, please let me know if you have any questions.

Ckenefick (talk|edits) said:

9 March 2013
Here's that WSJ article:

http://online.wsj.com/article/SB10001424127887323374504578222130665022160.html

Natalie (talk|edits) said:

March 9, 2013
". . . should make the paper filing option clear to our clients." I include as part of my engagement letter: You may opt out of electronic filing if you so choose.

Yellowdog (talk|edits) said:

9 March 2013
From my understanding, the SC breach affected all returns from 1998 forward, not just the efiled ones. Business returns (sales tax, etc.), individual returns. You name it: it was breached.

I am telling my SC clients in addition to the Protect My ID sign-up, put a freeze on the credit account with each credit reporting agency and close out the bank accounts. The other option is to keep the bank account open just to receive refund direct deposits, then move the money to another account. Keep only the minimum required to keep the account open. This is in case another breach occurs: they won't have the new account information.

Jake (talk|edits) said:

13 March 2013
The govt. can't regulate what I charge, and I have an added $35 charge for e-filing. That among other factors eliminates my e-filing as all opt to paper file.

Tax Writer (talk|edits) said:

13 March 2013
When I was working for the State of Ca, FTB got hacked. Didn't get all the details-- as far as I know, the public wasn't notified. But then in 2007 (?) the entire Ca.gov website/server got hacked and redirected to a porn site, and the administrators took every single Ca.gov website down. Yes, every single one. I will never forget it, because Schwarzenegger was governor at the time and he went apoplectic.

It happens more often then you think.

EDIT: Thanks for posting that article link above. Did you see that line: e-filed returns are available for audit several months before paper filed returns. Thanks for reminding me again why I still paper file so much.

JAD (talk|edits) said:

13 March 2013
That is appalling. If my clients’ information were compromised, I believe that I am required by law to notify them. The FTB gets hacked, and no disclosure is made?

To join in on this discussion, you must first log in.
Personal tools