The South Carolina Association of Certified Public Accountants has published an FAQ list to answer lingering questions about the recent compromise of the SC DOR database. The list includes answers to questions by individual taxpayers as well as business owners. Following the questions, SCACPA has provided links to the IRS Identity Theft Toolkits and additional resources.

Individual

How and when will taxpayers be notified if their information has been compromised?
The investigation is ongoing; we do not have that information at this time.

Was bank account information compromised? (Checking account numbers and routing numbers provided for direct deposits)
We are still uncertain as to what information has been compromised but potentially any information contained on a tax return may have been affected.

When will notification be sent to overseas taxpayers?
We are aware that some taxpayers overseas have been alerted about this incident and we are working out the logistics of notifying those individuals.

SCDOR said to register all SSNs on the tax returns with Experian. Experian has told clients that it would be an additional fee not covered by the state for dependents, and that individuals under 18 could not apply.  Can you shed some light on which direction is correct?
Once a taxpayer signs up for the ProtectMyID plan, they will receive correspondence via mail or email within approximately two weeks that will allow them to sign up dependents for the protection plan. This correspondence will contain an activation code where any dependent, as long as they are under age 18, can be signed up via a parent/guardian and be protected by the plan the same.  This is called the “Family Secure” plan. Taxpayers who sign up for protection will also be notified by email or letter about how to sign up for a “Family Secure Plan” if they claim minors as dependents.

Concerning clients who do not have a credit history. The Experian monitoring service will not accept their social security numbers to monitor. What does SC Department of Revenue recommends for these people?
SCDOR has been told by Experian that individuals with no credit history can call the 866 number and the representative will set up a plan for that individual that best suits their needs. However, we are still working with Experian to get a definite answer as to what these taxpayers can do.

Business

Were businesses compromised?
South Carolina Gov. Nikki Haley said  that the information of 657,000 business in the state may have been compromised.

What monitoring services are available to businesses?
Dun and Bradstreet Credibility Corp. will offer free credit-monitoring service to any businesses affected by the hacking case. Businesses can sign up for the service at www.dandb.com/sc or by calling 800-279-9881 beginning at 8 a.m. Friday, Nov. 2.

Can businesses enroll in Experian?
Some businesses filing tax returns may have been affected – as of right now we still are unsure exactly which business data was compromised. However, the fraud alert and security freeze are linked to an individual’s credit report, so if the business is a sole proprietor, partnership or single member LLC they may be able to benefit from these tools.  Corporations, however, would not, and we don’t believe corporations to have been affected.

Would the business and fraud monitoring cover Fiduciary returns as well?
Fiduciary returns should be treated as business returns with the appropriate monitoring for business returns.

Does this apply for all entity types.  If a person files as a Schedule C for a business (and therefore reported on their personal return) do they also need to register the business that filed as a Schedule C?
Although  Schedule C income would be reported under the SSN on a SC 1040, it would be advisable to file under the business monitoring as well so as to protect the EIN.

If a SC business return was filed with a partner’s social security number on the K-1, but they did not file a SC tax return, do they need to register on Experian’s ProtectMyID?
Yes.

Are nonprofits impacted?
Any form filed with DOR (e.g. the 990T) would be something to address; however, if they have no Unrelated Business Taxable Income and have only filed a federal 990 with SOS, they would not be included in this issue.

Does the breach potentially affect sales taxes and state income tax withholding returns?
Yes, these are included in the business returns so they could well be in that group.

General

How will protection be handled for deceased individuals?

For the deceased, as long as the estate is open, the personal representative should be able to register the descendent for the ProtectMyID service.

How can CPAs assist elderly clients who do not use the internet?
SCDOR is currently exploring options in order to target the elderly demographic to make them aware of the situation and sign them up for Experian. SCDOR plans to communicate via senior citizen groups such as AARP and the Council for Aging to disseminate information. The agency predicts as they move forward, the phone lines will be more accessible and therefore this demographic will not have to resort to signing up via the internet.

What is being done for dependents whose social security numbers were listed on tax returns?
Taxpayers who sign up for protection will also be notified – by email or letter – about how to sign up for a “Family Secure Plan” if they claim minors as dependents.

What is the state doing to protect the identities of individuals who may have filed income tax returns during the period involved and who are now incarcerated, whether it is in a city, county, state or federal institution?
The various State Agencies are working together to address taxpayers who may not be able to take care of these matters for themselves.

If families file a joint 1040, do they need to complete credit monitoring for each person listed on the 1040 or will it be tied together?
Each family member should complete the credit monitoring application.

IRS Identity Theft Toolkits

The IRS has provided a volume of information for taxpayers that are or may be victims of identity theft.  With the events in 2013 related to data thefts in South Carolina, it is a good time for CPAs in South Carolina to become familiar or brush up on the IRS’s programs, including when a taxpayer may need an Identity Protection Personal Identification Number ( IP PIN).  Please share these tool kits with your clients and other tax professionals to initiate any necessary action to help protect their identity:

Identity Protection Resources
Taxpayer Guide to Identity Theft
Identity Theft and Fraudulent Obtained Refund Checks

Additional Resources

Tax Adviser Article, Published May 8, 2012
TIGTA and Congress Focus on Identity Theft and Tax Fraud

Tax Adviser Article, Published August 2, 2012
TIGTA Recommends Steps for IRS to Reduce Fraudulent Refunds From Identity Theft

Tax Adviser Article, Published April 15, 2011
IRS Extends, Modifies Program Allowing Truncated Social Security Numbers on Information Returns

Hidden Treasures on IRS.gov relating to Individuals (“Top Picks” for 2011)