Turbo Tax Hack: Fraudulent Returns Being Filed


Thought Leadership

Turbo Tax Hack: Fraudulent Returns Being Filed

Troy Gill


Intuit, the company that owns the very popular tax software/service Turbo Tax, announced today that it is shutting down ALL state tax filing capabilities due to a recent rash of “suspicious” filings. This news comes at a time when millions of US citizens are filing federal and state tax returns. This comes on the heels of the news that Minnesota stopped accepting filings from Turbo Tax in light of some potentially fraudulent activity.

It seems there has been a large number of false returns being filed and there are reports of users logging into the software only to find that their state returns have already been submitted (although we can ‘t substantiate those claims). Turbo Tax is reporting that its internal investigation revealed that these accounts were not breached via a compromise of their own systems but rather from criminal activity outside of their network. Regardless, this is quite concerning as these user profiles contain loads of personal information, likely including Social Security numbers (of filers and all dependents), bank account numbers, routing numbers – a veritable cornucopia of personal and financial data.

The main question is where the data used to access these accounts came from? If the Turbo Tax data trove were breached, it could spell lots of trouble for a large number of their customers. Fortunately, this does not appear to be the case. We wouldn’t be surprised if it turns out these accounts were breached through some other means, perhaps a group of individuals that had fallen victim to a phishing campaign or the like.

We see such attacks almost continuously here at AppRiver. In fact, we are currently tracking many different tax related phishing campaigns, although at the moment we are not seeing any specific to Turbo Tax (though we have seen those many times before). Here is an example of just one of the many attacks we block daily that is aimed at harvesting your personal data:


However, phishing is just one of the ways these criminal might have harvested the data that allowed them access to the Turbo Tax user accounts. They might have also harvested the data through malware designed to record your every keystroke. It is also possible that this was the result of some earlier and technically unrelated data breach where consumers were using the exact same login credentials that they use to access some other accounts. This is why it is very important to make sure you use different passwords for different accounts. Otherwise data stolen from a retailer (for example) can be used to access your most sensitive accounts.