TurboTax Hit with Credential Stuffing Attack, Tax Returns CompromisedTurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised
Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.
February 26, 2019

Update 2/26/2019: This article has been updated to reflect new information regarding the TurboTax incident.
Intuit, a financial software company and creator of services Mint, QuickBooks, and TurboTax, reports the latter has been hit with a credential stuffing attack targeting specific users' tax return information.
The incident was discovered during a system security review, Intuit reported in a breach disclosure letter filed with the Office of the Vermont Attorney General and shared with affected users. Officials explain how an unauthorized party targeted specific TurboTax users by taking usernames and passwords "from a non-Intuit source," which they used in a credential stuffing attack.
If their login was successful, attackers may have accessed data contained in a prior year's tax return or current tax returns in progress. This includes name, Social Security number, address(es), birthdates, driver's license number, and financial data (salary, deductions), as well as information belonging to other individuals included in the victim's tax return, they report.
Upon discovering the problem, Intuit made affected accounts temporarily unavailable to protect data from further unauthorized access. It's offering victims one year of free identity protection, credit monitoring, and identity restoration services via Experian IdentityWorks.
Update: Intuit has issued a statement to emphasize there has been no breach of its systems, and the incident described in the notification letter is related to unauthorized access of specific accounts.
Read more details here.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023