I have one taxpayer with a 14039 still waiting. Calls to the IRS are answered with the exact same script. They are processing and no date to receive refund is available at this time. There is no separate number. Judging from experience from last year I had advised my client that it will be close to November before they see that refund.

Long time delay for refunds with ID theft issues involved

For the filing season of last year, I had a client who efiled in early April and the returns were rejected due to identity theft.

Paper returns (IRS and state) were subsequently prepared, along with the required Form 8948 and the affidavit Form 14039, and the returns were mailed just before the April 15th filing deadline.

The two refunds did not show up until sometime in October. As the IRS has gotten "leaner" and the number of ID tax thefts has increased dramatically, I would assume a similar, if not greater, time delay can now be expected for recently filed returns.

FWIW: Other than perhaps a "we got your letter" notice, it took even longer for the client to hear anything re the Form 14039 issues. Client was eventually issued a PIN and the filing of the 2014 returns went quite smoothly.

I personally rarely chase down refunds for clients, as there are too many variables involved. For Burke's ID theft client, I would think any refunds that appear prior to Labor Day should be accepted as a minor miracle.

FE

I had a whole bunch of these last year. The refunds took anywhere from 3 months to 8 months. The number to call to check on status is the ID Theft & Fraud Dept, 1-800-908-4490, Ext 245, although a person needs to have other things to do while they wait on hold for a good hour listening to that horrible song they play over and over. A person may think it's just easier to wait the 3 to 8 months, but sometimes a file can be sitting in the pending department waiting for the taxpayer to identify his/her identity, even though the person has no clue they are supposed to do that. Some people may get a letter asking them to verify their identity by calling a number or going to a website, but some may not get any notification that their refund is being held up because of it.

Unfortunately, the whole efiling system is not working and the IRS keeps trying to make it work like it did at first before the crooks figured out how to make easy money for a couple of months, then hide for the rest of the year. Meanwhile, honest people who just want to abide by the law by filing and paying their income tax are having their lives ravaged by no fault of their own. Nobody can get help from the IRS because of the budget cuts, but all the while they are sending billions of dollars to crooks every year. It's appalling!! How can they send out a "refund" that is thousands of dollars more than a person has in their withholding account? It's money the IRS has no business sending to anybody -- not even the rightful owner of that SSN!

Okay, I'll get off my soapbox. Because I had so many of these last year, I'm kind of an expert I suppose, so I'll be glad to answer anybody's questions about it.

BTW all my clients who were rejected last year and did the 14039 thing were able to file their tax return this year with no problem.

Linda

>> BTW all my clients who were rejected last year and did the 14039 thing were able to file their tax return this year with no problem.

Linda did everyone of them use the IP PIN to e-file?

Well, believe it or not, not all of them were given an IP PIN. Some of them got a letter with the assigned PIN#, some got a letter saying they were eligible for a PIN and had the option of going to the "get-an-ip-pin" website (which was down a LOT due to technical difficulties), and some got a letter saying they didn't need a PIN and should file their tax return like normal. One of my clients who got that 3rd letter got rejected because he didn't enter his IP PIN, even though they never gave him one. It took 3 days of trying to contact the IRS to finally get him a PIN# and fortunately, we finally got it through. Several of my clients got a PIN through the website and their tax returns went through, and those who never got the website to work and filed without the PIN went through as well. Many of them were delayed, and I'm assuming that it's because their accounts were flagged from what happened the year before, so I'm glad the IRS is at least monitoring them.

The reason I had so many rejects is because somebody hacked into my 2012 efile database at Drake software. I believe that since then they have put better security measures, but of course I am not using their software anymore after enduring what I believe is a tax preparer's worst nightmare. I have put in several better security measures myself. Unfortunately, the hackers don't have anything else to do but figure out ways to hack. Meanwhile, we are working full time to earn a living in addition to keeping our clients' info safe.

I don't see why the IRS can't just issue everybody a PIN#. It seems to me that would take less man hours to accomplish than what it's taking to resolve all the after-the-fact cases. I would also like to see them get all the W-2 info into the computers before sending out "refunds." If employers have the W-2s out to the recipients by the end of January, why can't they have the info electronically filed with the IRS by that time as well?

I remembered reading about this on the board at the time, but couldn't recall who it happened to. I can't think of a worse thing to happen to erode client confidence even when you explain it to clients. What did/could you do about it? Did Drake help or deny any liability? Did IRS give any assistance?

Fortunately, I only lost a handful of clients over this. Most of my clients have stuck with me because they trust me and realize this could have happened to anyone anywhere. And it IS happening to everyone everywhere! Another day, another hacking . . . Greedy people all over the world are figuring out how valuable the American Social Security number can be for collecting some quick easy cash for a couple of months a year.

No, neither Drake or the IRS were any help. I stopped posting anything on the Drake forum because anytime I entered a discussion about fraud or identity theft, the entire thread mysteriously disappeared. After spending several days on the phone trying to get help from Drake or the IRS or other agencies, I came to the conclusion that I was on my own and my job was to take care of my clients the best I could. So that's what I did. I shut down my office for 2 days to get a letter written and out to all my clients explaining what happened and what they could do to protect themselves from further exploitation. I shopped around for another software that was more secure and settled on ProSeries (it is more secure, although I wouldn't necessarily recommend it, because it's a rather cumbersome program with a big learning curve). I bought a brand new laptop to be used exclusively for business and hired an internet security specialist who installed the Sophos antivirus program on it among some other security features. Then the rest of the season was pretty much full from filing tax returns and the 14039s with the paper returns, and fielding phone calls from distraught clients, etc., etc., etc.

Then during the off-season, I was checking in with clients to see if they got their refunds and asking them if there was any monkey business in any other area of their lives, and thankfully there wasn't. I had 2 clients who had received letters from American Express thanking them for their application for a credit card, and neither of them had applied for a card, but I'm thinking that was not connected to this incident, because it only happened to 2 of them. I think these crooks who are in the business of filing fraudulent tax returns have figured out that if you move out into different areas of a victim's life, you have a much greater chance of getting caught, so they have to discipline themselves to be satisfied with the thousands & thousands of dollars they collect before April 15th every year.

Which software did you switch to?

ProSeries, and I basically hate it, although they have a much more secure way of storing client info online. With Drake, if I wanted to check the EF status of a client, I would log into the online efile database where all of my clients were listed with name, SSN, address, phone#, refund or balance due amount, and efile status. With ProSeries, you need to already know the SSN of a client to log in for efile status info. If I want to know client efile status, I log into my account, then I can check the status of a client by entering his/her SSN. Of course, that means you can only check one client at a time, but it prevents a person from cracking your log-in info then logging in to a veritable jackpot of information.

Range of problem

One would think if someone had hacked the Drake data base there would have been multiple instances (other Drake users) of a similar problem. Were you one of many, or an isolated case? If one of many, Drake should have some serious liability issues to address re their software. I would have my attorneys on them in no time flat!!

But, if an isolated case, the issue would appear to be "in house" at your business. Malware/spyware was somehow installed. . .and remained. . .on your computer(s) ?? There are many good firewall/antivirus programs out there, so I don't really see a need to seek something that would withstand CIA-type levels of tampering. That should otherwise be an easily fixable problem.

Assuming your laptops did/do use wifi, was the wifi signal always secure and/or encrypted? Also, were your system updates (Win 7 now sends out ~one/month) current and installed? Hopefully you were running a system a couple of steps up from Win XP? Did you ever receive (possibly infected) data files from a client and/or use another person's flash drive and/or ever use your flash drive on a "foreign" computer?

Is there any chance an employee who had access to your data might be a potential problem?? Assuming Drake has some kind of user ID/password, could those have been compromised by a third party (and there may have been *NOTHING* wrong with your prior computer!)?

While I certainly understand the issues you've faced after the security breach, and also have greatest sympathy for all you've been through, I'm still having a hard time wrapping my head around a good reason why **ONLY** the Drake database information for manyhappyreturns was impacted. (This is completely different from the "ID thefts" that occur separate from inside a specific tax business.)

As for your questions about ProSeries, I only have had cursory exposure to their software.

FE

I don't know if any other Drake users got hacked. That is something they certainly wouldn't have told me about if it had happened. All somebody would have had to do is know my name and my EFIN, and they could have gotten a lot of information by calling Drake tech support. I have other theories which I have been kicking around for over a year, but nothing conclusive. Somebody could have hacked into my email, although that's just one of the theories. If you forget your password, Drake will send it to your email (or at least that was the way it used to be). I have cable connections at the office and at home, so I don't need to use WIFI for any reason. I don't have any employees and never did, and my husband and I are the only ones who have keys to my office. I get data from clients from their paperwork, not from flash drives or Quickbooks or any electronic transfer, so no infections could have come that way.

Wow, I think I must still have PTSD from the whole ordeal, because now that the subject has come up on this board, I'm noticing that I'm getting all stressed out again! When the whole hacking incident, or rather my realization of it, was unfolding last year, and while I was trying to solve it and prevent further damage from it, I was answering all of these same questions from several people. So this is all bringing back very bad memories of a trauma that I'm not over yet. The good news (for me, anyway) is that I haven't had any new monkey business happen since the hacking of my account back in October of 2013.

I'm paranoid on that too. It surprises me that tax companies will give out in formation with nothing more than what is printed on a tax return that you would give anyone. Have a savvy fraudster visit you to get a tax return prepared and they then have your EFIN, your address, business name, even the software you use (because each software company prints different letters/codes at the bottom of the forms.) They could then call up your software company and try to get a copy of all your returns, your website password, etc... and I would bet they'd have good luck considering the seasonal nature of our business and thus the seasonal employees at the software companies.

Of course, what are the odds a savvy fraudster is going to visit you. But, more likely, a pissed off employee or perhaps the competition across the street that does less than ethical return preparation. It scares me. I always set a password for everything. I imagine most of the tax software companies would be willing to note the account to require a password. Hopefully.

If an ex-employee knows your EFIN, PTIN, EIN and what have you it is very easy for them to fool any tax software company support line or any other business software support that you may have to get information that you did not wish to disclose. When you call customer service for most business support you are generally asked to verify account #, address and one ot two other minor detail that an associate or employee will most likely have the answer.

I am more concerned if a savvy computer technician can make a clone of my hard drive or copy certain files when the encryption is off while fixing a problem! Last year my new computer's hard drive was behaving erratically so support wanted to visit and take a look at it and replace it free. But the deal was they were going to take the old drive back for analysis by the manufacturer and that was in the warranty contract. I choose to pay for a new hard drive and destroy the old drive myself.

Which is information that is on every return I preparer.