The Department of Revenue (DOR) needs the help of tax professionals to stop fraudulent refunds from being issued. The sooner DOR can learn about a data security breach, the better we are able to protect both your client and state resources.
Tax returns that are filed using breached information from a licensed tax professional are hard to detect because they are prepared using accurate information and look like previously filed returns.
Oregon Revised Statutes (ORS) 305.804 requires tax professionals to notify DOR within five days if they discover a data security breach or have reason to believe that a breach has occurred. The tax professional must provide DOR the name, address, and tax ID number of the consumer whose personal identification has been compromised.
With the help of tax professionals who served on a Rules Advisory Committee, Oregon Administrative Rule (OAR) 150-305-0481 was approved. The rule took effect Jan. 1, 2022.
- In the event of a breach, the tax professional must contact DOR within five days to provide the required information, including preparer tax identification number (PTIN).
- If the tax professional is unable to provide the required information
within five days due to the information being unavailable in cases such as ransomware attacks, they must contact DOR again
within 15 days of recovery of data to provide the required information.
For data breaches in excess of 250 consumers, reporting information is available at the Department of Justice (DOJ) Web site.
Contact ODR if you experience a data security breach, or suspect one occurred, please contact DOR.