Intuit, the parent of TurboTax, is denying a report from the Dark Reading blog Monday (February 26) that TurboTax suffered a breach in which a third party got access to the data of its users.
According to a report in Newsweek, Intuit said it in a statement that the recent blog post about a data breach isn’t correct. “The document referenced in the blog post was a notification to a state that a customer’s account experienced unauthorized access by a third party using legitimate log-in credentials that Intuit believes were obtained from sources outside the company,” Intuit said in the statement.
In the Dark Reading blog, the Website pointed to a disclosure letter it said was filed in Vermont. The letter, however, was notifying the state that a user profile was accessed. The issue had to do with the users’ credentials, not a data breach, noted Newsweek, citing Intuit. Intuit said Monday that the account information at issue may have been obtained from several sources outside of the company.
According to the Dark Reading blog, if the login attempts worked, the hacker or hackers may have gotten sensitive data that includes the prior year’s tax return or current tax returns in progress, social security number, address, birthdate, driver’s license, and financial data. The report noted that Intuit has made the accounts impacted temporarily unavailable to protect the data from even more unauthorized access. In the letter submitted to Vermont, the company says it is offering the impacted person one year of identity protection, credit monitoring and identity restoration services through Experian.
Even the hint of a data breach at TurboTax won’t bode well for the company as tax season picks up. With taxes due in a few weeks, people are turning to services like TurboTax to meet the deadline.