TurboTax customer accounts affected by cyberattack

The attacks were the result of poor password management by users

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Financial softwaremaker Intuit has notified users of itsTurboTaxplatform that some of their personal and financial information was accessed by attackers in what appears to be a series of account takeover attacks.

“By accessing your account, the unauthorized party may have obtained information contained in a prior year’s tax return or your current tax return in progress, such as your name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions), and information of other individuals contained in the tax return,” explained Intuit in the breach notification letter sent to customers.

The company added that it has taken “various measures” to help protect itstax softwarecustomer accounts, adding that investigations suggest that the attack was not a “systemic data breach of Intuit.”

Poor password hygiene

Poor password hygiene

Intuit suggests that the accounts were compromised as part of an account takeover attack, where cybercriminals use users credentials gleaned from data breaches on other online services. These attacks are the result of users reusing the same login credentials on multiple online services.

The accounts breach came to light during a regular security review, leading to further investigations that revealed the attack had exposed various details about the customers.

As soon as the attack came to light, Intuit temporarily disabled the breached TurboTax accounts. Intuit has also provided a complimentary one year subscription toidentity protection servicesto the affected customers.

Bleeping Computerfurther reports that TurboTax customers have been targeted in at least three other account takeover attacks in2014/2015and most recently in2019.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)