What Happened With TurboTax “Data Breach”
In the midst of tax season, you can imagine the worry that would happen when users are notified that TurboTax by Intuit was hacked. Was TurboTax hacked? Sort of, kind of, but not really. Instead of a data breach, it was a credential stuffing attack. This might be due to the billions of leaked records that showed up on the dark web in early February on the dark web for sale. Hackers or malicious third parties can then use the multitude of username and password combinations to target a variety of sites. One of which is TurboTax. Intuit confirmed on Feb. 26, 2019 that this is in fact not a data breach, but a credential stuffing attack.
This does not mean user accounts are safe. Users of the TurboTax software reported that their accounts were accessed. However, this is hackers getting lucky with a combination of email and passwords to gain access to an account.
Update: TurboTax did tweet us with a link to their official blog on the topic. Their official blog can be accessed by clicking here.
Why The TurboTax Cyber-Attack Should Concern You
If you use the TurboTax program, freeze your accounts associated with the program. Then, search to see if there is any fraudulent activity that took place. Hackers can get sensitive data from your TurboTax account that includes your current and previous tax returns, social security numbers, address, birthdate, first and last names, financial information, driver’s license, and more.
How Do I Know If I’m In The TurboTax Breach
First, it does not matter what type of account is hacked in a data breach. Users should change all passwords on any account that shares the same login information. Second, if you are impacted, TurboTax automatically made the account temporarily unavailable. This will stop any unauthorized person or party from gaining this sensitive information. Third, Intuit states that any person impacted will receive one year of free identity protection, credit monitoring, and identity restoration through Experion.
What To Do in Case of a Data Breach
It seems like we need a “Break Glass In Case” option, but with the number of data breaches, there would be a boost of window repair and glass maker business. Instead, SecureData can help. SecureData offers a wide range of data protection services and products.
To prevent a data leak or breach, we offer the hardware encrypted FIPS Level 3 SecureDrive and SecureUSB devices for personal and professional use. Additionally, we have a digital forensics division to assist with identity theft, fraud, and data breach incident response. For more information, call us at (800) 520-1677.