BreachExchange mailing list archives
TurboTax Hit with Cyberattack, Tax Returns Compromised
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 26 Feb 2019 00:39:18 -0600
https://www.darkreading.com/threat-intelligence/turbotax-hit-with-cyberattack-tax-returns-compromised/d/d-id/1333954 Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source. Intuit, a financial software company and creator of services Mint, QuickBooks, and TurboTax, reports the latter has been hit with a credential stuffing attack targeting users' tax return information. The incident was discovered during a system security review, Intuit reported in a breach disclosure letter filed with the Office of the Vermont Attorney General and shared with affected users. Officials explain how an unauthorized party targeted TurboTax users by taking usernames and passwords "from a non-Intuit source," which they used in a credential stuffing attack. If their login was successful, attackers may have accessed data contained in a prior year's tax return or current tax returns in progress. This includes name, Social Security number, address(es), birthdates, driver's license number, and financial data (salary, deductions), as well as information belonging to other individuals included in the victim's tax return, they report. Upon discovering the problem, Intuit made affected accounts temporarily unavailable to protect data from further unauthorized access. It's offering victims one year of free identity protection, credit monitoring, and identity restoration services via Experian IdentityWorks. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- TurboTax Hit with Cyberattack, Tax Returns Compromised Destry Winant (Feb 26)