Data breach at local firm results in fraudulent tax returns

PRESS RELEASE: Lake Kennedy McCulloch, CPAs PS sent emails to our individual tax return clients on Wednesday, February 22, 2017, notifying them that their personal information may have been compromised in a data breach.

We learned from the IRS that some of the 2016 tax returns we electronically filed were rejected because someone, other than the taxpayer or us, had fraudulently filed the return. After a preliminary investigation, we discovered that perpetrators had illegally hacked into our system, and accessed 2015 tax return information for a number of our individual tax clients. Using this information, we believe they fraudulently filed some 2016 returns for the purpose of obtaining tax refunds.

We are deeply sorry that this data breach occurred, and for the worry and inconvenience this may cause those affected. We come to work every day looking forward to helping our clients who trust us. We are extraordinarily concerned and doing the best we can to protect our clients from any harm this data breach may cause.

We have alerted the IRS and are working with the agency’s Criminal Enforcement Division, and are reaching out to other law enforcement as appropriate, including the FBI. We are working with these agencies to assist in their investigation and interruption of the cyber criminals.

We are currently working with our local IT consultant and have engaged an IT firm specializing in forensic investigation and analysis. Our IT consultants are assisting us to ensure any malware has been removed, and to confirm that our network firewalls, computers and security protections are properly functioning.

We will keep our affected clients informed of action steps as we continue to consult with our experts, which will include instructions for credit monitoring services we plan to make available. In the meantime, we ask our clients to contact us if you have received any information from the IRS concerning your tax filings.

We ask our clients to remain vigilant in reviewing your bank account and brokerage statements, as well as free credit reports. Consider changing bank account numbers and bank account passwords. You can place a 90-day fraud alert on your accounts by contacting one of the credit agencies: Equifax, Experian, or TransUnion.


Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top