Data breach awareness: How do I know if my customer data was breached

When a data breach happens that’s never a good experience for the customer or the accounting firm. Some data breaches are easy to spot, like in the case of ransomware. Other times, it might be harder to spot them quickly. In this episode of The Tech Talk for Accountants Show Andrew Lassise answers this common question and other that he gets asked.

A lot of people have asked how do I know if there was a data breach? On the flip side, people also ask: How do I know that my customer data is safe?


If you have questions you’d like Andrew to answer on future shows, please fill out the form below:


“Holistically, there are ways for you as accountants to look at does this make sense?,” said Andrew. “Are these things adding up?” Let’s look at Andrew’s top 6 red flags that a data breach may have occured.

Red flag No. 1: Client tax return gets rejected

In this scenario, your client file gets rejected because somebody else has already filed your clients’ taxes under their identify. It may appear obvious “but in the heat of the moment when you haven’t experienced something like this before that is one of the telltale signs that something is wrong,” Andrew said.

Related:

What to do when somebody filed an identity theft tax return using somebody else’s name

Identify theft recovery plan from the Federal Trade CommissionĀ 

Red flag No. 2: When a return gets accepted but none was filed

Basically the flip side of data breach red flag No. 1. This is where the IRS is corresponding with you like your client has actually filed a return, but hasn’t. That might come in the form of a received 5071C Letter from the IRS. The communication could also come in the form of a 4883C Letter orĀ  5747C Letter.

“Your clients shouldn’t be receiving them without having done their returns,” Andrew said. “If you get calls from your clients saying ‘What is this thing I just received from the IRS? I haven’t even filed my taxes, yet’ there might be a problem.”

Especially toward the end of the tax season, this is something to be aware of.


Subscribe to our YouTube channel to get notified of future episodes or find our podcast wherever you listen to podcasts.


Red flag No. 3: Tax refunds are arriving without a tax return filed

It might sound good get a tax refund, but that’s also a red flag when your client hasn’t yet filed their taxes for the current tax season. “That should be a red flag. We all know the IRS doesn’t like giving out money just as much as we don’t like paying to them,” Andrew said. “That should be a red flag when you haven’t filed.”

“You may have had a data breach or your client list has been compromised if you are seeing that,” Andrew said.

Red flag No. 4: Clients receiving messages from the IRS website

Another red flag for a potential data breach is when clients receive messages from the IRS via email. That could come in the form of messages that say an account was:

  • accessed
  • disabled
  • activated

Surface level it can be overlooked. It can also be a sign of a potential data breach and is worth looking into further.

Questions to ask: What happened? Did the client do something? Did something happen at the accounting firm? Is it a one-off or is there a trend?

“And when more and more people are calling with these same issues you may have had a data breach,” Andrew said.

Red flag No. 5: Returns exceeds claims filed with your EFIN

Another red flag is when the number of returns recorded by the IRS exceeds the number of claims actually filed using your EFIN. “When that happens there may have been a compromise somewhere,” Andrew said. “They are supposed to equal.”

what is malwareRed flag No. 6: Your computers are running slower

When computers are running slower than usual that could be a sign of malware running in the background. This malware can can steal data, monitor keystrokes and more. Malware is one reason why we recommend partnering with a managed service provider to help prevent malware from entering the system.

These are things to keep in mind that you may have had a data breach. Need help investigating? Contact us here!

What can I do to protect from a data breach

Follow all the best practices that we discussed on our the podcast episode on managed services where Andrew discussed security steps included. Feel free to contact us here if you need help.