maker Intuit has notified end users of its system that some of their individual and fiscal info was accessed by attackers in what seems to be a collection of account takeover attacks.
“By accessing your account, the unauthorized bash might have received information contained in a prior year’s tax return or your latest tax return in progress, these kinds of as your name, Social Protection quantity, address(es), day of start, driver’s license range and monetary information and facts (e.g., salary and deductions), and details of other persons contained in the tax return,” defined Intuit in the breach notification letter sent to consumers.
The corporation included that it has taken “various measures” to help shield itscustomer accounts, introducing that investigations suggest that the assault was not a “systemic knowledge breach of Intuit.”
Very poor password hygiene
Intuit suggests that the accounts ended up compromised as section of an account takeover attack, wherever cybercriminals use people qualifications gleaned from info breaches on other on the internet expert services. These attacks are the final result of consumers reusing the same login qualifications on many on line products and services.
The accounts breach came to light-weight for the duration of a normal safety overview, main to even more investigations that discovered the attack had exposed a variety of information about the buyers.
As shortly as the assault came to light-weight, Intuit quickly disabled the breached TurboTax accounts. Intuit has also delivered a complimentary just one 12 months subscription toto the affected prospects.
additional stories that TurboTax consumers have been targeted in at the very least a few other account takeover attacks in and most not too long ago in .