The IRS and its Security Summit partners launched a five-week “Protect Your Clients; Protect Yourself” campaign on July 7, 2026, aimed at helping tax professionals — and by extension, the small businesses that rely on them — defend against a fresh wave of tax-related identity theft.
Table of Contents
What happened
Now in its 11th year, the Security Summit partnership between the IRS, state tax agencies, and the tax industry is running a weekly series through the summer covering new scams targeting tax professionals, phishing and “whaling” attacks, how to build a written information security plan, security tools like multi-factor authentication and Identity Protection PINs, and how to spot and report identity theft once it’s happened. The campaign runs alongside the 2026 IRS Nationwide Tax Forums, a multi-city series (Chicago first, with New Orleans and New York City in August, and Orlando and San Diego in September) where the IRS and partners are demonstrating security tools directly to practitioners.
IRS CEO Frank J. Bisignano framed the stakes directly: “Tax professionals play a critical role in defending against tax-related identity theft and protecting the tax system’s integrity.” Drake Software’s Taylor Rodier added that “protecting client data is essential to ensuring taxpayers can file with confidence.”
Why it matters
Every small business that files taxes, runs payroll, or works with a bookkeeper or preparer hands over sensitive data — EINs, bank account numbers, employee SSNs — to a third party at some point in the year. Tax professionals are a high-value target for identity thieves precisely because a single compromised preparer can expose dozens or hundreds of clients’ data at once. The IRS is treating this as urgent enough to run a dedicated, multi-week public campaign rather than a single notice.
What this means for small business owners
If you work with a tax preparer, bookkeeper, or payroll provider, this is a good prompt to ask directly: do they have a written information security plan, and do they use multi-factor authentication on the systems that hold your data? The IRS specifically flags a written security plan as a baseline expectation for practitioners this year, not an optional best practice.
If you handle any of your own bookkeeping or payroll in-house, the same five weekly themes apply to you: know what a phishing or “spear phishing” attempt targeting your business looks like, use MFA everywhere you can, and know in advance who you’d call — a local IRS Stakeholder Liaison, and your state tax agency via the Federation of Tax Administrators’ breach-reporting portal — if you suspected a data breach. Deciding that plan after a breach happens is too late.
“Tax professionals play a critical role in defending against tax-related identity theft and protecting the tax system’s integrity.” — Frank J. Bisignano, IRS CEO
The bottom line
The IRS is putting real weight behind data security this summer, and the message applies whether you outsource your books or handle them yourself: verify your preparer’s security practices, put basic protections like MFA in place, and know your breach-reporting steps before you need them.
Source: IRS.gov




