The IRS, along with Security Summit partners, urged businesses and individual taxpayers to update their security measures and practices to protect against identity theft targeting financial data. The following steps are recommended to safeguard sensitive information:
- Set security software to update automatically.
- Back up important files.
- Use strong passwords and multi-factor authentication.
- Encrypt all devices.
- Never click, call, or reply without first independently verifying the source.
Further, businesses are encouraged to keep their Employee Identification Number (EIN) updated and report address or responsible party changes within 60 days using IRS Form 8822-B, Change of Address or Responsible Party – Business. If identity theft occurs due to scams targeting Form W-2, businesses can report it using the Business Identity Theft Affidavit (Form 14039-B) if they receive:
- A rejection notice for an electronically filed return due to a duplicate return.
- A notice about a tax return or W-2 forms they didn’t file.
- A notice about the balance due when none is owed.
