On July 27, 2022, Gatto, Pope & Walrick, LLP confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on GPW’s network. According to GPW, the breach resulted in the names, addresses, Social Security numbers, government-issued identification numbers and financial account information of certain clients being compromised. GPW also sent out ” NOTICE OF DATA SECURITY INCIDENT” letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Gatto, Pope & Walrick data breach, please see our recent piece on the topic here.
What We Know About the Gatto, Pope & Walrick Data Breach
According to an official notice filed by the company, in April 2022, GPW began receiving reports from clients that the IRS was contacting them, asking the clients to verify their identity. GPW also noticed that the IRS was rejecting an unusually high number of the tax returns it had filed on behalf of its clients. In response to these concerns, GPW took the necessary steps to secure its systems and launched an investigation into what could have caused these issues.
The GPW investigation is still ongoing. However, the company was able to determine that an unauthorized person was able to access at least one employee’s email account, which they used to access or acquire files between March 17, 2022 and May 8, 2022.
Upon discovering that sensitive consumer data may have been accessible to an unauthorized party, Gatto, Pope & Walrick reviewed all affected files to determine what information was compromised and which clients were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, government-issued identification number and financial account information.
On July 27, 2022, Gatto, Pope & Walrick sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Gatto, Pope & Walrick, LLP is a Certified Public Accountant firm based in San Diego, California. GPW focuses on providing tax and business consulting services to high-net-worth individuals and businesses. Gatto, Pope & Walrick prepares tax returns, offers tax advice, and also works with those who are in the process of being audited. Gatto, Pope & Walrick employs more than 46 people and generates approximately $8 million in annual revenue.
What Is Tax Return Fraud?
Tax return identity theft, or tax return fraud, is a type of identity theft where a hacker or other criminal uses stolen information to file a tax return on a victim’s behalf, claiming their tax refund. Often, unfortunately, victims of tax refund fraud often don’t realize they’ve been targeted until the IRS rejects their tax return. Usually, the IRS rejects a return because it’s already been filed.
Below is a list of red flags that someone may have filed a tax return on your behalf:
You receive a letter from the IRS asking about a tax return that you did not file.
The IRS prevents you from e-filing, stating that you have a duplicate Social Security number.
You receive an unsolicited tax transcript that you did not request.
You receive a notice from the IRS indicating that an online account was created in your name.
You receive a notice from the IRS informing you that your existing online account has been accessed or disabled.
You receive an IRS notice stating that you owe additional tax or that you face collection actions for a year you did not file a tax return.
IRS records show that you received wages or other income from a company you never worked for.
You receive notice from the IRS that you were assigned an EIN but did not request a new EIN.
Given the risks of tax return fraud and the enormous burden of straightening the situation out with the IRS, it is imperative that data breach victims take all necessary steps to protect themselves. Aside from keeping a close eye on financial statements and credit reports, victims should also consider filing their tax returns as early as possible. This way, if anyone does try to use your Social Security number to file a fraudulent tax return, it will be the criminal’s filing that gets rejected.