The Internal Revenue Service (“IRS”) has an active program of auditing tax-exempt bonds, and conducts those audits in a manner intended to ensure confidential information is not improperly disclosed. As part of those efforts, the IRS’s Tax Exempt and Governmental Entities (TEGE) Division has established its own secure electronic messaging service that may be used to securely transmit and receive data. However, we’ve recently seen emails purporting to be from the IRS regarding the use of its TEGE secure messaging service to respond to an audit of tax-exempt bonds, but that are actually phishing scams intended to steal data from the recipients. Issuers and borrowers should always be on the lookout for phishing or other suspicious emails, whether those appear to be from the IRS or other entities.
If you or your organization experience a data security breach or other cybersecurity incident, Orrick’s nationally ranked Cyber, Privacy and Data Innovation practice is available to help. Our lawyers maintain a 24x7 hotline to assist in cybersecurity incident responses, and regularly direct incident investigations, coordinate notifications and disclosure of breaches, and defend the litigation that follows. The group also helps issuers and borrowers implement cybersecurity governance programs and risk mitigation strategies, as well as to conduct exercises to prepare for cybersecurity incidents, and address cybersecurity issues in transactions.
If you do receive a legitimate notice from the IRS of an audit of tax-exempt bonds, it is important to respond timely, and please contact a member of Orrick’s public finance tax group for assistance.
If you are experiencing a cybersecurity crisis or need help determining if your network has been compromised, please contact Orrick’s Cybersecurity Incident Crisis Hotline by emailing us at [email protected] or call our 24/7 hotline:
United States (U.S.) and Canada
+1 800 972 9306 (Toll-free)
+1 202 339 8544 (Toll)
United Kingdom (UK)
+ 0800-260-5687 (Toll-free)
+44 2078624808 (Toll)