During your day-to-day work, you might notice something that indicates you might have been hacked, experienced a breach, data theft or have had unauthorized individuals using your program to file returns. Review the following to determine suspicion and next steps.
Clues that might indicate suspicion
If any of the following have happened, your account or computer might have been accessed by someone not authorized, resulting in unauthorized access to your client’s data and to your software.
- The software e-filed returns you never submitted.
- You’re getting e-file statuses back for returns you never sent.
- You’re getting acknowledgements back for returns without a submission ID.
- You’re getting incomplete e-file statuses back. For example, they don’t show any or all of the following statuses in F4: Passed Validation, Ready to Send, or Sent to Lacerte.
- Returns were submitted at odd hours that aren't during your normal hours of operation. Typically, a thief will remotely steal client data over the weekend when no one is in the office to notice, then will rework the returns over the weekend and send them on a business workday.
To confirm unauthorized access
- Go to IRS e-Services and locate your EFIN Activity Report to see if returns have been filed on your EFIN that you weren't aware of.