TaxAct, the Iowa-based tax preparation software developer, acknowledged a data breach resulting in the suspension of more than 9,000 customer accounts due to suspicious activity. Approximately 450 of those customers may have had their tax information stolen along with social security numbers and legal names between the dates of November 10 and December 4, 2015. On January 11, 2016 TaxAct sent a letter titled “Notice of Data Breach” to its 450 affected customers. A TaxAct spokesperson said the company has “no evidence that any TaxAct system has been compromised” and said instead that the company thinks cyber criminals may have got customer names and passwords from other data breaches. Furthermore, the spokesperson confirmed that “the IRS has already taken steps in our systems to protect the affected accounts.”
This is quite the scary scenario as it’s a reminder of last year’s IRS hack where cyber criminals accessed the “Get Transcript” database where they stole the personal data of more than 330,000 people. In an article by USA Today, it reported that “The hackers made use of an IRS application called Get Transcript, which allows users to view their tax account transactions, line-by-line tax return information or wage and income reported to the IRS for a specific tax year. To enter the Get Transcript system, the user must correctly answer multiple identity verification questions. The hackers took information about taxpayers acquired from other sources and used it to correctly answer the questions, allowing them to gain access to a plethora of data about individual taxpayers.”
With that said, I guess it’s time to change our passwords and challenge questions again folks…