Intuit updated comments
Financial software maker Intuit warned some users of its TurboTax tax return preparation software that their accounts may have been compromised
Bleeping Computer reported that Intuit has locked these users out of their accounts Affected TurboTax customers must call (800) 944-8596 and mention the word "security" when prompted
According to Bleeping Computer, the account breach was not a security failure on Intuit's part, but the result of a customer reusing a TurboTax account password on an unrelated account
Tom'sGuide contacted Intuit and confirmed that notifications were sent to affected TurboTax customers; it was not immediately clear how many TurboTax customers may have been affected
According to Bleeping Computer, the notice sent to TurboTax customers warned that the personal information compromised could include "name, social security number, address(s), date of birth, driver license number, financial information (such as payroll and deductions), and other personal information contained on tax returns" It warns that the information may include
Tax returns are a gold mine for identity thieves because they contain most of the information needed to open an account in someone else's name, including Social Security numbers and addresses
Standard US tax forms do not ask for the tax filer's date of birth or driver's license number, but TurboTax accounts may contain that information
If you receive a notification letter from Intuit regarding a compromised TurboTax account, you should call one of the Big Three credit reporting agencies (Equifax, Experian, or TransUnion) and file a fraud alert
Once this alert is set up, you will receive a notification each time a lender asks to "query" your credit file to check your creditworthiness The credit bureau you notify will alert the other two credit bureaus
Fraud alerts are free and are valid for one year You may also want to consider subscribing to one of the best identity theft protection services that can help you recover from an instance of identity theft that occurred while you were a paying customer
Contact numbers and websites for fraud alerts are listed in the What to Do If Your Social Security Number is Stolen article (Do not assume your SSN has been stolen until you have evidence that it may have been stolen)
If you get evidence that your personal information is indeed being used fraudulently, it may be time for a credit freeze
Password reuse may be the biggest reason online accounts are hijacked Billions of username and password combinations stolen in data breaches and phishing attacks over the past two decades are readily available online
Identity thieves and other criminals have developed computer programs that use stolen credentials to test websites and break into accounts
To avoid having to reuse passwords, try one of the services on our list of best password managers Some of them offer everything you need for free [An Intuit spokesperson told Tom's Guide, "If Intuit's fraud prevention team becomes aware of an attempted or successful login to an Intuit account using credentials obtained from a third-party source, we immediately block access to that account, send a notification to the customer, requiring a process of identity verification by the account holder and requiring the credentials to be changed in order to re-access the account," it said
The letter Bleeping Computer saw was "a copy of a notice received by individual customers notifying them that Intuit fraud prevention has locked their accounts due to what appears to be an attempted unauthorized access," the spokesperson said
According to the spokesperson, account takeover notifications are routinely sent out depending on the circumstances In this particular case, a letter was sent to one TurboTax user in Massachusetts earlier this month, the spokesperson said
Comments