*this headline is obviously a joke. We have no way of knowing if Heier Weisbrot & Bernstein, LLC has a tax return backlog.
Yet another accounting firm has reported a data breach, this time Heier Weisbrot & Bernstein of Gibbsboro, New Jersey and the details are a bit scarier than just bad actors caught digging around in the firm’s files. In this case, an unauthorized someone or someones got into HW&B’s tax software and attempted to file fraudulent tax returns.
This is what they said in a consumer notification filed with the attorney general of Maine on August 7 (emphasis ours):
Heier Weisbrot & Bernstein, LLC recently completed its investigation of an incident involving unauthorized access to a certain computer system in its network. On June 27, 2024, Heier Weisbrot & Bernstein, LLC detected an attempt by an unauthorized actor to file fraudulent tax returns for a small number of clients. The fraudulent returns were identified and reported to the IRS to be remedied. Heier Weisbrot & Bernstein, LLC worked with the IRS to ensure that any other attempted fraudulent returns are not processed.
Heier Weisbrot & Bernstein, LLC launched an investigation with the assistance of a third party cybersecurity firm. The investigation found that an unauthorized actor accessed Heier Weisbrot & Bernstein, LLC’s tax software between approximately June 22 and June 26, 2024. The files accessible in the tax software contained the name and one or more of the following for seven Maine residents: Social Security number, driver’s license number, and financial account number(s) used for direct deposit of any tax refund if provided to Heier Weisbrot & Bernstein, LLC. For certain of the individuals, the investigation could not conclusively determine whether their information was accessed or acquired by the unauthorized actor. Heier Weisbrot & Bernstein, LLC completed its analysis of the personal information contained in its tax software on July 29, 2024.
According to the full consumer communication filed with the Vermont attorney general [PDF], HW&B is offering a year of identity monitoring services through IDX. These services include: “one year of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.”
The firm went on to “strongly encourage” recipients to enroll in the IRS’ Identity Protection PIN (“IP PIN”) program and directed them to IRS.gov/IPPIN to do so.
Added the firm:
We apologize for any inconvenience this may have caused. We have and will continue to take steps to enhance the security of our computer systems to help prevent events such as this from occurring in the future.
See our previous coverage of accounting firm data breaches, including biggies at EY and PwC, here.
