Monetary software program firm Intuit has notified TurboTax clients that a few of their private and monetary data was accessed by attackers following what seems like a collection of account takeover assaults.
In a breach notification letter despatched to affected clients earlier this month, the corporate stated that this was not a “systemic information breach of Intuit.”
In account takeover assaults, cybercriminals achieve entry to their victims’ accounts utilizing credentials stolen from different on-line providers following previous information breaches.
One of these assault works extremely nicely towards targets who use the identical login credentials for a number of websites or providers.
TurboTax accounts hacked utilizing reused credentials
Intuit found throughout a safety assessment that an undisclosed variety of TurboTax accounts was breached and buyer information was uncovered.
The corporate’s investigation revealed that the menace actors used credentials (usernames and passwords) obtained from “a non-Intuit supply” to realize entry to the accounts.
“By accessing your account, the unauthorized social gathering might have obtained data contained in a previous yr’s tax return or your present tax return in progress, akin to your title, Social Safety quantity, tackle(es), date of delivery, driver’s license quantity and monetary data (e.g., wage and deductions), and knowledge of different people contained within the tax return,” Intuit defined.
“We deeply remorse that this incident might have an effect on you. Intuit has taken varied measures to assist make sure that the accounts of affected clients are protected. We’re notifying you so you’ll be able to take steps to assist defend your data,” the corporate added.
After discovering the assaults, Intuit quickly disabled the breached TurboTax accounts. Customers who had their accounts deactivated should contact Intuit’s Buyer Care division at 1-800-944-8596 and say “Safety” when prompted.
Afterward, Intuit staff will stroll them by an id verification process designed to assist reactivate the accounts.
Earlier alerts of menace actors taking up TurboTax accounts
This isn’t the primary time attackers have efficiently hacked into TurboTax customers’ accounts and stole monetary and private data.
Simply as after the earlier three incidents, Intuit offers one yr of free id safety, credit score monitoring, and Experian IdentityWorks id restoration providers to impacted clients.
Intuit and TurboTax spokespersons weren’t accessible for remark when contacted by BleepingComputer earlier for additional information on the breach dates and the variety of impacted accounts.