IRS tax tips: 6 ways to stop cybercriminals from accessing your private information

The IRS says it has made “major progress” against identity theft in tax returns, but evolving tactics still threaten taxpayers’ sensitive data.

Continue Reading Below

In 2015, the IRS reached out to state officials and professionals in the tax industry to try to fight back against people filing fraudulent returns. Between 2015 and 2018, the number of taxpayers who reported to the IRS that they were victims of identity theft dropped 71 percent, from 677,000 to 199,000, according to IRS data. During that same time, the number of identity theft tax returns the IRS said it stopped dropped 54 percent, from 1.4 million to 649,000.

But the IRS said fraudulent tax returns filed using data stolen from tax professionals can be harder to detect. While efforts have slowed the number of reported fraudulent tax returns, cybercriminals have been increasingly targeting tax professionals’ offices for data theft, officials said.

“The IRS, states and the private sector tax industry have taken major steps to protect taxpayers,” IRS Commissioner Chuck Rettig said. “But a major risk remains, regardless of whether you are the sole tax practitioner in your office or part of a multi-partner accounting firm.”

The IRS recently released a checklist of ways it recommends taxpayers and tax professionals can protect their data. To start, they suggest using typical computer security measures like anti-virus software, a firewall, two-factor authentication and drive encryption.

It’s also a good idea to create a data security plan — it’s federal law for all professional tax preparers to have one for client data. The government asks tax professionals to focus on information systems and ways to detect and manage failures, as well as employee management and training.

The IRS said people should also educate themselves about email scams like phishing emails and ransomware.

And professionals should learn to recognize signs that a client’s data has been stolen, such as letters from the IRS about suspicious returns in their name, having more returns filed with a practitioner’s electronic filing identification number than submitted or receiving unrequested tax transcripts.

In the event of data theft, the IRS said to contact its local stakeholder liaison immediately and contract with a cybersecurity expert to prevent future data thefts.


Sharonne Bonardi, president of the Federation of Tax Administrators board of trustees and the Maryland deputy comptroller, said officials need tax preparers across the country to help fight tax-related identity theft.

“We cannot let our guard down in this fight because our common enemy is well-funded, technologically skilled and savvy about state and federal tax processes,” Bonardi said.

Here's a recap of the six steps the IRS says taxpayers and professionals should take to protect their private information.

  • Install anti-virus software
  • Configure firewalls
  • Use two-factor authentication
  • Backup software
  • Drive encryption
  • Establish an encrypted Virtual Private Network (VPN)