Intuit Reports Stuffing Attempts Against TurboTax Customers

Last updated February 26, 2019
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist
Image Source: turbotax.intuit.com

Intuit, the developer of the TurboTax software suite, has disclosed a stuffing attack incident that unfortunately resulted in a data breach. The attackers have accessed the tax return information of TurboTax accounts of existing customers by using login credentials that they got from elsewhere. This means that the people who had their accounts compromised are those who use the same or similar passwords on multiple platforms and websites. As required by law, Intuit has issued a breach notification filled with the Vermont Attorney General, and so the owners of jeopardized accounts are currently in the process of getting alerted about the incident.

intuit_notification_letter

source: ago.vermont.gov

All of these accounts have been temporarily disabled to ensure that the attackers won’t be able to perform any fundamental changes that will result in their irreversible take-over, and those who can no longer login have to contact the company’s Customer Service at 1-800-944-8596 and say “security” when prompted. This will put them through the process of reactivating their accounts after resetting the compromised login credentials. Alternatively, they may send an email at “[email protected]” and follow the detailed guidelines to restore their accounts. Along with the resetting, Intuit will offer free of charge enrollment in a one-year credit monitoring program that will protect the victims of the stuffing attack from unauthorized purchases and fraudulent activities.

Intuit has not clarified the number of the breached accounts, but based on their notice, they reside in Maryland, Massachusetts, and North Carolina. TurboTax is a very popular and praised tax preparation software package that has been around for two decades already, so its user base is naturally quite large. According to their official blog, TurboTax is used by about 36 million taxpayers each year, so the extent of this incident may be quite large. The actual date of the data breach remains also undisclosed for security reasons. Those who have received the notices, however, have gotten this information as well.

Are you using TurboTax or any other tax filling software suite? Share your thoughts and comments beneath, and don’t hesitate to do the same on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: