Skip to main content

Oregon State Flag An official website of the State of Oregon »

Notice of data and security breach

The Department of Revenue (DOR) needs the help of tax professionals to stop fraudulent refunds from being issued. The sooner DOR can learn about a data security breach, the better we are able to protect both your client and state resources.

Tax returns that are filed using breached information from a licensed tax professional are hard to detect because they are prepared using accurate information and look like previously filed returns.

Oregon Revised Statutes (ORS) 305.804 requires tax professionals to notify DOR within five days if they discover a data security breach or have reason to believe that a breach has occurred. The tax professional must provide DOR the name, address, and tax ID number of the consumer whose personal identification has been compromised.

With the help of tax professionals who served on a Rules Advisory Committee, Oregon Administrative Rule (OAR) 150-305-0481 was approved. The rule took effect Jan. 1, 2022.

  • In the event of a breach, the tax professional must contact DOR within five days to provide the required information, including preparer tax identification number (PTIN).
  • If the tax professional is unable to provide the required information within five days due to the information being unavailable in cases such as ransomware attacks, they must contact DOR again within 15 days of recovery of data to provide the required information.

For data breaches in excess of 250 consumers, reporting information is available at the Department of Justice (DOJ) Web site.

Contact DOR if you experience a data security breach, or suspect one occurred.

Contact us

To reach our dedicated practitioner specialist:


Phone: 503-947-3541


Stay up-to-date