California CPA firm reports data breach
Hilderbrand & Clark, a CPA firm based in San Ramon, Calif., has disclosed it detected unauthorized access to its computer systems from abroad while filing tax returns.
The firm said in a news release Thursday that it experienced “unusual activity” while filing two tax returns on extension. It said it immediately notified the Internal Revenue Service, had its local IT firm review the system and hired a specialized forensic IT firm to investigate. On July 10, the forensic IT firm found there was unauthorized access to the firm’s system from a foreign IP address on June 14, 2017.
“Unfortunately, the forensic IT firm cannot determine which files were accessed so they are notifying everyone whose information was accessible out of an abundance of caution,” said the firm.
Hilderbrand & Clark warned clients that the hackers might have accessed information provided to the tax authorities, such as name, date of birth, phone number, address, Social Security number, W-2 and 1099 information, driver’s license details, and bank accounts. The firm said some of its own partners’ and employees’ information may also have been exposed.
Hilderbrand advised clients and others to change all the bank account numbers they have provided to the firm or at a minimum monitor their bank activity, including any direct deposits and electronic fund transfers. It also advised them to set up free 90-day fraud alerts with credit-reporting bureaus such as Equifax, Experian and TransUnion. They should also consider placing a credit freeze on their accounts. If they suspect they have become an identity theft victim, they should file a complaint with the Federal Trade Commission at hpps://identitytheft.gov and with local law enforcement.
Partner Howard Hilderbrand did not immediately respond to a request for comment.
The IRS and its tax industry partners in the Security Summit initiative have been warning tax preparation firms about hackers accessing the computer systems of tax practices, in some cases taking over computers at firms and issuing ransom threats. Much of the activity is thought to originate with organized crime rings in foreign countries.