TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised

Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.

Update 2/26/2019: This article has been updated to reflect new information regarding the TurboTax incident.
Intuit, a financial software company and creator of services Mint, QuickBooks, and TurboTax, reports the latter has been hit with a credential stuffing attack targeting specific users tax return information.
The incident was discovered during a system security review, Intuit reported in a breach disclosure
letter
filed with the Office of the Vermont Attorney General and shared with affected users. Officials explain how an unauthorized party targeted specific TurboTax users by taking usernames and passwords from a non-Intuit source, which they used in a credential stuffing attack.
If their login was successful, attackers may have accessed data contained in a prior years tax return or current tax returns in progress. This includes name, Social Security number, address(es), birthdates, drivers license number, and financial data (salary, deductions), as well as information belonging to other individuals included in the victims tax return, they report.
Upon discovering the problem, Intuit made affected accounts temporarily unavailable to protect data from further unauthorized access. Its offering victims one year of free identity protection, credit monitoring, and identity restoration services via Experian IdentityWorks.
Update:
Intuit has issued a statement to emphasize there has been no breach of its systems, and the incident described in the notification letter is related to unauthorized access of specific accounts.
Read more details
here
.

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised