Identity Theft Information for Businesses

 

Identity theft is a serious threat to business, partnership, estate and trust filers. Thieves may steal sensitive information to file a fraudulent tax return for a refund or to commit other crimes. All taxpayers must be alert and on guard at all times. It is important to take strong security measures to protect your business' and your employees' data.

Know the Signs of Identity Theft

Be alert to possible business identity theft if:

  • You can't e-file a return because one was already filed with the same EIN or SSN.
  • You get a rejection notice for a routine extension to file request because a return with duplicate EIN or SSN is already on file.
  • You receive an unexpected tax transcript or IRS notice that doesn't match anything submitted.
  • You receive a Letter 6042C or 5263C from us.
  • You don't receive expected or routine correspondence from the IRS because the business address has been changed.

Report Suspected Identity Theft or Data Loss

Report suspected identity theft by submitting an affidavit

Report identity theft on our business help line

Report a suspected business data security breach

Report a Form W-2 email scam involving employee data

Protect Your Business and Prevent Data Loss

Take the strongest actions possible to safeguard your systems and data. Here are recommendations:

Protect your business data with these basic steps:

  • Install anti-malware/anti-virus security software with automatic updates enabled on all devices:
    • Laptops, desktops, routers, tablets and phones
  • Deploy firewall protections on your network
  • Use responsible passwords with:
    • At least eight characters (longer is better)
    • Special and alphanumeric characters
    • Passphrases instead of passwords
    • Unique passords for each account
    • Protection on wireless devices
    • A password manager
  • Choose multi-factor authentication when available
  • Encrypt sensitive files and emails with strong password protection.
  • Back up sensitive data to a secure, external source not connected to your network.
  • Destroy old computer hard drives and printers that contain sensitive data.
  • Limit access to personal data only to individuals who need to know.
  • Enter personal data only on secure sites with web addresses that begin with "https."

Creating and maintaining a data security plan is key. If you can afford it, contact a cybersecurity consultant. If not, find help in IRS Publication 4557, Safeguarding Taxpayer Data PDF or in one of these guides:

You can help employees protect themselves and your business with information about data security. 

Share the Taxpayer Guide to Identity Theft andPublication 4524, Security Awareness for Taxpayers PDF .

Provide employees with basic data security information and practices. For example:

  • Beware of phishing emails, the most common tactic used to steal data
  • Do not respond to suspicious or unknown emails.
  • Never open or download attachments from unknown senders, even potential clients.
    • Verify the email is authentic by calling them.
  • Only email documents that are password-protected and encrypted.
  • Use separate personal and business email accounts.
  • Protect your email accounts with strong passwords and two-factor authentication, if available.

It is important that all entities with an Employer Identification Number (EIN) keep the number safe and the application up-to-date with accurate responsible party and contact information. Update your EIN with Form 8822-B PDF .

How We Protect Business Filers

The IRS, state tax agencies and the tax industry work in coordination as the Security Summit to protect taxpayer data. Our program includes safeguards that identify suspicious returns. When we identify a business-related return that is potentially fraudulent, we issue a letter to the taxpayer seeking additional information before processing the tax return. Common letters are:

Please respond immediately to IRS correspondence.

The IRS also asks tax professionals preparing business-related returns to answer a series of questions to help authenticate the validity of the business return. Tax preparation software for business-related returns also asks these questions.

We never:

  • Initiate contact with taxpayers by email, text or social media to request personal or financial information
  • Call taxpayers with threats of lawsuits or arrests
  • Call, email or text to request taxpayer Identity Protection Pins