Print Edition

  Email News Updates

VIEWPOINT: For you, it’s tax season; for cybercriminals, it’s open season

By Kimberly Hunter


There’s a lot to consider this tax season following a year of new regulations and financial abnormalities. One more item to add to the list is identity theft. According to the 2020 TransUnion Public Sector survey, 10 percent of U.S. adults report being a victim of identity theft since the onset of the COVID-19 pandemic. With the tax deadline approaching, businesses and individuals alike should be hyper-aware that tax-related identity theft can occur easily when someone uses a stolen Social Security number (SSN) to file a tax return and claim a fraudulent refund. 

Especially given the higher rate of taxes being filed via online programs and virtual meetings with accountants this year, everyone must be diligent in protecting their private information. To prevent identity theft, consider the following steps:

• Use strong unique passwords.

• Access emails, bank accounts, and financial information through a secure network only (no public Wi-Fi).

• Shred documents with private information that are no longer needed.

• Monitor credit reports, financial, and medical statements.

• Lock mobile devices.

• Avoid providing personally identifying information over the phone.

Unfortunately, even with preventive measures in place, an identity theft still may occur, and you may not be aware that it has happened unless the Internal Revenue Service (IRS) sends you a letter by mail stating they have received a suspicious tax return that uses your SSN, or if you try to electronically file your return and it is rejected as a duplicate. If you know or suspect that you may be a victim of tax-related identity theft, the IRS recommends these steps:

• Respond immediately to any IRS notice.

• Complete IRS Form 14039, Identity Theft Affidavit.

• Continue to pay your taxes and file your return, even if you must do so by paper.

• Refer to the IRS Publication 5027 for additional information.

According to the Comparitech Identity Theft Facts and Statistics (2019-2021) report, 21 percent of identity-theft victims have been victimized more than once. In the case of any identity theft — tax-related or otherwise    take the following steps to prevent further damage:

• Contact the Federal Trade Commission (877-438-4338) or visit to report identity theft and create a recovery plan.

• Contact the Social Security Administration (800-772-1213) or visit to report that your SSN may be compromised.

• Consider filing a report with local or state police.

• Contact your financial institution to inform it that you may be a victim of identity theft.

• Contact at least one of the three major credit bureaus to place an alert on your credit reports (Equifax, Experian, or TransUnion).

For New York businesses, not only is it important to protect your own data and that of employees, but there are laws protecting customer data as well. In 2019, New York Gov. Andrew Cuomo, signed the SHIELD Act into law. Among other mandates, the law adds multiple requirements for protection of username, email addresses, passwords, biometrics, and more for all residents of New York state providing their personal information to any U.S. business. Regardless of industry or size, when implementing cybersecurity tools and processes, businesses must ensure they are complying with all laws in the states they operate in, as well as laws that apply to their customers residing in other states.

The pandemic has created more opportunity than ever for cybercriminals to get their hands on sensitive data. Take the appropriate steps and remain vigilant to prevent or quickly respond to any incidents that may occur and be sure to have conversations with business partners, vendors, and employees to ensure data is protected from all sides.       

Kimberly Hunter, CPA, is a principal at The Bonadio Group. She has more than 25 years of experience providing accounting and tax services for not-for-profit organizations, corporations, partnerships, estates, and individuals.