[BreachExchange] TURBOTAX HACK: INTUIT SAYS THERE WAS NO DATA BREACH, USERS ARE NOT AT RISK

Destry Winant destry at riskbasedsecurity.com
Tue Feb 26 11:49:46 EST 2019


https://www.newsweek.com/turbotax-intuit-breach-data-risk-1343272

TurboTax parent company Intuit said Monday that it did not suffer a
data breach that resulted in a third party gaining access to the
personal information of users. The company shared the statement
Monday, after a blog post was released earlier in the day claiming
that the company had suffered a breach.

"A recent blog post referencing a data breach of Intuit is inaccurate.
The document referenced in the blog post was a notification to a state
that a customer’s account experienced unauthorized access by a third
party using legitimate log-in credentials that Intuit believes were
obtained from sources outside the company," read the statement from
Intuit.

Intuit is a software company that mainly works with financial products
that allow users to easily complete and file their taxes online.
QuickBooks and Mint are also with Intuit.

The post claiming that the company had suffered a breach was published
on the website Dark Reading, and cited a disclosure letter that was
filed in Vermont. That letter, while it was filed, was actually
notifying the state of Vermont that a user profile had been accessed,
not due to a breach, but instead with the user's actual credentials.
"The individual’s account login information may have been acquired
from any number of sources outside of Intuit," said Intuit on Monday.

The company used its support Twitter account Monday to respond to
people sharing the Dark Reading blog post.

"In instances of unauthorized account access Intuit conducts an
investigation and takes steps to secure our customers’ account and
information. A part of this process is notification to a customer of
unauthorized access to their account and to select states," read the
statement from Intuit, adding that the protection of its customers was
its "top priority."

Intuit did not immediately respond to Newsweek’s request for comment.


More information about the BreachExchange mailing list