On August 15, 2016, Wheeler & Egger, CPAs, LLP discovered a data security incident involving their firm and some of their clients whose 2015 tax returns were on Extension. After thorough investigation, they have discovered that the perpetrator(s) hacked into their system, and between August 3rd and 9th 2016, fraudulently filed 45 client tax returns.
Letters were mailed to all affected parties starting on September 13, 2016, advising them that:
If they are an individual, this information may have included their name, gender, birth date, telephone number(s), address, social security number, all employment (W-2) information, 1099 information, direct deposit bank account information including account number and routing information (if provided to them), and supporting documentation including brokerage statements and other documents you may have provided to them.
If they are an entity, this information may have included their company name, Federal Employer Identification Number, address, telephone number, employee and/or 1099-recipient information, partner, shareholder/officer or beneficiary names, addresses, social security numbers, and supporting records.
If you did not receive a letter but are concerned that you could be affected, please call 1-855-303-6663 for verification.
Regarding the incident, Wheeler & Egger, CPAs, LLP immediately contacted their IT consultant to secure their network and hired a third party forensic security firm to perform a thorough investigation into the breadth of the exposure. With the help of their IT consultants: (1) the malware on the impacted computer’s hard drive has been removed; (2) they have made internal software system management changes; and (3) all network firewalls, computers and security protections have been confirmed to be properly functioning.
Wheeler & Egger, CPAs, LLP has also reported this breach to the FBI, IRS, FTB, FDIC, OCC, FRB, U.S. Secret Service, all three consumer reporting agencies, and the applicable State Attorney Generals. They will further assist in any criminal investigation of the cyber intruder(s).
Given the breadth of information potentially exposed, Wheeler & Egger, CPAs, LLP is recommending that those potentially affected be vigilant in reviewing all bank account and brokerage statements, as well as free credit reports. Those potentially affected may also want to change the bank account numbers provided to Wheeler & Egger, CPAs, LLP and/or have a conversation with their bank notifying them of the incident. They can also call the three major credit agencies and place a 90-day fraud alert on their accounts. Contact information is: Equifax (1-888-766-0008; P.O. Box 740241, Atlanta, GA 30374), Experian (1-888-397-3742; P.O. Box 4500, Allen, TX 75013), and TransUnion (1-800-680-7289; P.O. Box 1000, Chester, PA 19022-2000). Lastly, individuals are entitled to a free credit report every year from these agencies at www.annualcreditreport.com.
If identity theft is suspected, report it to law enforcement, including the Federal Trade Commission at https://www.identitytheft.gov/Assistant#. Additional information about avoiding and protecting against identity theft can also be obtained by visiting the above Federal Trade Commission website, or by writing the Consumer Response Center at 600 Pennsylvania Ave., NW, Washington D.C., 20580, or by calling 1-877-IDTHEFT.
As an added precaution, Wheeler & Egger, CPAs, LLP has arranged for complimentary credit monitoring to be provided to those affected for one year through AllClear ID. Please call toll free number 1-855-303-6663 for further information.
Protecting information is incredibly important to Wheeler & Egger, CPAs, LLP as is addressing this incident with the information assistance individuals may need. If you have any questions or concerns, please contact toll free number 1-855-303-6663; or by mail at Wheeler & Egger, CPAs, LLP 133 Old Wards Ferry Rd Ste. J, Sonora, CA 95370.
SOURCE Wheeler & Egger, CPAs, LLP
Gee – one year of free credit reporting! Hopefully these guys have professional liability insurance (at least) or a cyber insurance policy. Even small CPA firms should know they are a juicy target.