- Intuit notifies owners of TurboTax accounts of a successful breach against them.
- The compromised accounts were temporarily disabled, and victims are urged to follow the designated resetting process.
- No further details regarding when the stuffing attack took place, or how many people were affected were given out.
Intuit, the developer of the TurboTax software suite, has disclosed a stuffing attack incident that unfortunately resulted in a data breach. The attackers have accessed the tax return information of TurboTax accounts of existing customers by using login credentials that they got from elsewhere. This means that the people who had their accounts compromised are those who use the same or similar passwords on multiple platforms and websites. As required by law, Intuit has issued a breach notification filled with the Vermont Attorney General, and so the owners of jeopardized accounts are currently in the process of getting alerted about the incident.
All of these accounts have been temporarily disabled to ensure that the attackers won’t be able to perform any fundamental changes that will result in their irreversible take-over, and those who can no longer login have to contact the company’s Customer Service at 1-800-944-8596 and say “security” when prompted. This will put them through the process of reactivating their accounts after resetting the compromised login credentials. Alternatively, they may send an email at “email@example.com” and follow the detailed guidelines to restore their accounts. Along with the resetting, Intuit will offer free of charge enrollment in a one-year credit monitoring program that will protect the victims of the stuffing attack from unauthorized purchases and fraudulent activities.
Intuit has not clarified the number of the breached accounts, but based on their notice, they reside in Maryland, Massachusetts, and North Carolina. TurboTax is a very popular and praised tax preparation software package that has been around for two decades already, so its user base is naturally quite large. According to their official blog, TurboTax is used by about 36 million taxpayers each year, so the extent of this incident may be quite large. The actual date of the data breach remains also undisclosed for security reasons. Those who have received the notices, however, have gotten this information as well.