On July 29, 2022, Wisan Smith Racker & Prescott confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on WSRP’s network. According to WSRP, the breach resulted in the ELEMENTS being compromised. Recently, WSRP sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the WSRP, LLC data breach, please see our recent piece on the topic here.
What We Know About the WSRP, LLC Data Breach
According to an official notice filed by the company, on June 14, 2022, WSRP learned that an unauthorized party had filed fraudulent tax returns on behalf of several of the company’s clients. In response, WSRP conducted an investigation into the incident, learning that one of the company’s systems had been breached. In response, WSRP engaged the assistance of cybersecurity professionals to determine the nature and scope of the incident, as well as what, if any, consumer data was leaked as a result.
The WSRP investigation confirmed that an unauthorized party gained access to this company’s computer system at various times from April 21, 2022, until April 28, 2022, and again on May 26, 2022. The investigation also revealed that the unauthorized party stole certain files containing sensitive client data.
Upon discovering that client data was accessible to an unauthorized party, WSRP, LLC then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license or state identification card number, passport number, military identification number, government-issued identification number, financial account information, date of birth, electronic signature, medical information, and health insurance information.
On July 29, 2022, WSRP, LLC sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Wisan Smith Racker & Prescott
Founded in 1985, Wisan Smith Racker & Prescott is an accounting firm based in Salt Lake City, Utah. The firm provides assistance to individuals and businesses related to tax audits and tax services and also serves as a business consultant for its corporate clients. WSRP also provides a suite of related services, including those related to valuation, risk management, succession planning, and employee benefit plans. WSRP, LLC employs more than 100 people and generates approximately $18 million in annual revenue.
Tax Return Identity Theft Appears to Be on the Rise
In recent weeks, several accounting firms across the country have reported data breaches after receiving reports that unauthorized parties have filed fraudulent tax returns on behalf of their clients. These data breaches involve a type of fraud called tax return identity theft, or tax return fraud. Tax refund fraud is a type of identity theft where a criminal uses stolen information to file a fake tax return in hopes of obtaining the victim’s tax refund. Often, this type of fraud is difficult to detect, and many victims do not learn they’ve been victimized until the IRS rejects their tax return, informing them that a return for that year was already filed.
While determining you’ve been a victim of tax refund fraud can be challenging, below is a list of red flags that may indicate someone filed a fraudulent tax return on your behalf:
You get a letter from the IRS regarding a tax return that you did not file.
The IRS informs you that you cannot e-file because you have a duplicate Social Security number.
You receive a tax transcript in the mail that you did not request.
You get a notice from the IRS confirming you opened an online account.
You receive a letter from the IRS stating that your online account has been accessed or disabled.
You get an IRS letter stating you owe additional tax for a year you did not file a return.
IRS records show that you received wages or other income from a company you did not perform any work for.
You receive an IRS notice that you were assigned an EIN but did not request a new EIN.
Given hackers’ recent focus on targeting accounting firms and the serious consequences of tax refund fraud, it is essential that data breach victims take all necessary steps to protect themselves. This includes keeping a close eye on your financial statements and credit reports but also filing your tax return as early as possible. Filing early can prevent tax refund fraud because it limits the time criminals have to file a fraudulent return.