TurboTax accounts hacked — what to do now

1. Abode
2. News
3. Security

TurboTax accounts hacked — what to exercise now

(Image credit: Shutterstock)

Updated with comment from Intuit.

Financial-software maker Intuit has warned some users of its TurboTax revenue enhancement-render-preparation software that their accounts may have been compromised.

Intuit has locked those customers out of their accounts, Bleeping Computer reported. Affected TurboTax customers must call (800) 944-8596 and country the word "Security" when prompted, after which Intuit tech-back up representatives volition walk them through the procedure of regaining access.

• Why you should never reuse a password
• The best identity theft protection services
• Plus: 3.3 million customers hit by VW information breach — what to do

The account compromises are the result not of any security failure on Intuit's end, Bleeping Computer reports, but of customers reusing passwords for their TurboTax accounts on unrelated accounts.

Tom's Guide has reached out to Intuit to confirm that notifications were sent to affected TurboTax customers, and nosotros volition update this story when we receive a respond. There was no immediate indication of how many TurboTax customers may take been affected.

Bleeping Calculator said the notification sent to TurboTax customers warned that the personal information compromised may include "your name, Social Security number, address(es), date of birth, driver'south license number and fiscal information (e.g., salary and deductions), and information of other individuals contained in the tax return."

Tax returns are a gold mine for identity thieves because they contain about of the information required to open up accounts in other people's names, such as Social Security numbers and street addresses.

Standard U.S. revenue enhancement forms exercise non enquire for the tax filer's appointment of birth or driver's license number, but it's possible that that information is independent in TurboTax accounts.

What to exercise if your TurboTax account was hacked

If you lot do get a notification letter from Intuit regarding a compromised TurboTax account, you should phone call one of the Big Three credit-reporting agencies — Equifax, Experian and TransUnion — to institute a fraud alert.

Once that alert is established, you will be notified every time a lender asks to "pull" your credit file to establish your creditworthiness. The credit agency yous notify will alarm the other two bureaus.

Fraud alerts are free and terminal for ane twelvemonth. You lot might likewise desire to look into subscribing to ane of the best identity-theft-protection services, which can help yous recover from cases of identity theft that occur while yous are a paying client.

Contact numbers and websites to institute fraud alerts are contained in our commodity on what to do if your Social Security numbers is stolen. (Don't assume that your SSN was stolen until you become evidence that information technology might accept been.)

If you get evidence that your personal information is indeed existence misused past an unauthorized party, information technology might exist time for a credit freeze, also detailed in our Social Security number story.

Password reuse may be the single greatest reason why online accounts are taken over. Billions of username/password combinations stolen in data breaches and phishing attacks over the past two decades are easily available online.

Identity thieves and other criminals have developed computer programs that will test websites with stolen credentials to break into accounts.

To brand sure you don't have to reuse whatever passwords, try out i of the services on our list of best password managers. Some of them do everything you need for complimentary.

Intuit responds

"When Intuit fraud prevention teams observe an attempted or successful login to an Intuit business relationship that has leveraged harvested credentials from third-party sources," an Intuit spokesperson told Tom's Guide, "we immediately block access to that business relationship, send a notification to the customer, require a process of identity verification past the account owner and credentials to be changed in lodge to re-access the business relationship."

The alphabetic character seen by Bleeping Computer, the spokesperson said, was "a copy of a notification an private customer received notifying them that Intuit fraud prevention locked their business relationship due to what nosotros believe is unauthorized attempted access."

The spokesperson said notifications of account takeovers are sent out routinely when the situation warrants. In this particular example, the spokesperson said, the letter was sent to a single TurboTax user in Massachusetts earlier this calendar month.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has as well been a dishwasher, fry cook, long-booty driver, lawmaking monkey and video editor. He'south been rooting around in the data-security space for more than than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upward in random Idiot box news spots and fifty-fifty moderated a panel discussion at the CEDIA home-technology briefing. You tin follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/turbo-tax-accounts-hacked

Posted by: tatethicale.blogspot.com

Share this post