Fake Tax Returns In 19 States Linked To Apparent TurboTax Hack

Electronic filing has opened a whole new enterprise for hackers and identity thieves.
Fake Tax Returns In 19 States Linked To Apparent TurboTax Hack
Credit: csahq.org
By Karoli KunsFebruary 5, 2015

After the news of the Anthem hack, this report is really disturbing.

The Salt Lake Tribune:

Fraudsters are using stolen personal information to file fake tax returns for real Utahns, hoping to steal refund money, the Utah State Tax Commission said Thursday.

The commission has identified 28 fraudulent filings so far, but has flagged 8,000 others as potential frauds. It said 18 other states so far have identified similar problems.

[...]

Commission spokesman Charlie Roberts said it found that personal information has been stolen from previous returns filed through TurboTax. He said the commission is not yet sure if other programs and companies were affected, nor if the data was stolen from the cloud or some other means.

TurboTax is a huge enterprise serving millions of individual tax filers. Those most likely to be affected by something like this are the ones who don't have complicated tax returns and are eligible for the Earned Income Tax Credit or other tax refunds.

These security breaches point to the weakness of using Social Security numbers as identity confirmation. With millions of them in the wild, thanks to the hack on Anthem, it's hard to imagine how they serve as a reliable identifier anymore. It's possible that these hacks will serve to drive solutions to identity provenance that doesn't rely on a single number issued by the US government, but it's hard to imagine that happening fast enough to protect those whose identity is currently at risk.

In the meantime, here's some practical advice for you with regard to your tax returns.

  • File as soon as you can - The sooner you claim that refund, the better.
  • Protect your data - You can't control the servers at TurboTax, but you can protect your own computer. Make sure you've got strong passwords, good firewall protection, and practice safe surfing.
  • If you use Quicken, password-protect that data too - Quicken and TurboTax are both Intuit products that link to one another for tax preparation and financial planning and tracking. Make sure you've locked down your data with a strong password on your machine, and don't store it up in the cloud.

I'll post more on this as details become available.

Update: I should have noted in my original post that TurboTax spends millions to lobby for complicated tax returns, because if they were simple, we could just file them directly with the government without the middleman. It appears that they're less diligent about how they guard the data they collect.

Become a subscriber:
 
Make a donation:

If you don't mind the ads and would rather donate, please select one of the options below:

Kindest
Donate via PayPal
Via Snail Mail
payable to: Crooksandliars
528 Palisades Drive
Ste 548
Pacific Palisades, CA 90272

Explore more

Discussion

We welcome relevant, respectful comments. Any comments that are sexist or in any other way deemed hateful by our staff will be deleted and constitute grounds for a ban from posting on the site. Please refer to our Terms of Service for information on our posting policy.
Mastodon