Submitted by Lake Kennedy McCulloch
Lake Kennedy McCulloch, CPAs PS sent emails to individual tax return clients on Feb. 22, notifying that their personal information may have been compromised in a data breach.
Staff learned from the IRS that some of the 2016 tax returns the company electronically filed were rejected because someone, other than the taxpayers or Lake Kennedy McCulloch staff, had fraudulently filed returns. After a preliminary investigation, it was discovered that perpetrators had illegally hacked into the company’s system, and accessed 2015 tax return information for a number of individual tax clients. Using this information, staff believe the perpetrators fraudulently filed some 2016 returns to obtain tax refunds.
Lake Kennedy McCulloch staff are deeply sorry this data breach occurred, and for the worry and inconvenience, this may cause those affected. Staff come to work every day looking forward to helping clients who trust them. They are extraordinarily concerned and doing their best to protect clients from any harm from this data breach.
Lake Kennedy McCulloch staff have alerted the IRS, are working with the agency’s Criminal Enforcement Division and reaching out to other law enforcement as appropriate, including the FBI. They are working with these agencies to assist investigations.
Staff are currently working with their local IT consultant and have engaged an IT firm specializing in forensic investigation and analysis. The IT consultants are ensuring all malware has been removed and confirming that network firewalls, computers and security protections are properly functioning.
Affected clients will be informed of action steps as staff continue to consult with experts. Action steps will include instructions for credit monitoring services staff plan to make available.
In the meantime, clients can contact the company if they have received any information from the IRS concerning tax filings. They ask clients to remain vigilant in reviewing bank account and brokerage statements, as well as free credit reports. Consider changing bank account numbers and bank account passwords. You can place a 90-day fraud alert on your accounts by contacting one of the credit agencies Equifax, Experian, or TransUnion.