Here’s something an increasing number of Payroll pros have had to tell employees: “Your identity has been stolen.”


Fact is, 7% of the U.S. population – 17.6 million citizens – fell victim to identify theft in 2014, according to Mark Eichorn of the Federal Trade Commission (FTC), who spoke at the 2017 Capital Summit.


And because of the growing number of email scams targeting Payroll departments, these crimes are hitting close to home.


Prevention is the best medicine


Eichorn told conference attendees the FTC has tons of useful advice for keeping employee info safe. The FTC suggests you:


Start with security in mind. That means collecting only info you truly need, and destroying it as soon as there’s no longer a business need.


Control access sensibly. Tips: Restrict access to the most sensitive data, and limit admin access.


Create secure passwords. The FTC suggest insisting on using complex and unique passwords, and storing those passwords securely.


Responding to disaster


Of course, there are times when Payroll’s info will be compromised – despite everyone’s best intentions. The IRS has compiled a number of contacts to use if data is stolen.


Here’s what you should know:


Reporting to the IRS: email


Reporting to state tax agencies: email for info and


Reporting to the FBI’s Internet Crime Compliant Center: visit


You’ll then need to advise employees. The IRS suggests you:


Sent the Taxpayer Guide to Identity Theft (, and


Visit for ways to recover from ID theft.


If you receive a W-2 scam email but don’t fall victim, the IRS asks you to forward the email to