A Taxpayer Horror Story: How One Client’s $800,000 Tax Refund Was Stolen and What Advisors Can Do About It

Kevin KnullAdvisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.

One advisory firm’s high-income venture capital client, who regularly sees major financial gains, is now facing a nightmare. After filing for a tax extension in April 2024, they waited until October 13 to receive their final K-1s and submitted their return on October 15 – only to have the IRS reject it. The reason? According to the IRS, a return had already been filed in their name – a return the client had never submitted. This is deeply distressing, especially with an $800,000 refund at stake.

“An $800,000 return is substantial, but for this client, it's not unusual,” said the advisor, who wishes to remain anonymous so as not to have additional clients targeted. “The IRS likely didn't question it because the client – a private equity and venture capital investor – often has large, fluctuating gains and losses. Their income is ‘lumpy,’ with significant capital gains one year and little the next. To the IRS, this simply looked like another instance of their typical income variability.”

Now they are in limbo, waiting for the IRS to investigate the situation and determine what happened to this substantial sum. As a safeguard, the client has frozen their credit and taken every precaution against identity theft. But right now, they’re left in a precarious position, unsure of how long it will take for answers – or if their refund will be recovered at all.

The ongoing threat of data breaches

So how did this happen? This year saw a massive National Public Data (NPD) breach that exposed 272 million tax ID numbers. The NPD breach should concern everyone given the sheer number of TINs exposed along with names, addresses, and phone numbers. NPD also inadvertently shared passwords to its internal systems, allowing hackers to gain access to volumes of sensitive taxpayer data. The NPD breach wasn’t an isolated event. Several other significant data breaches have also occurred, making the wave of security failures feel unrelenting. The threat is constant, underscoring the need for vigilant data protection.