Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

Tax Fraud Prompts Intuit to Temporarily Suspend State E-Filing

In response to an increasing number of fraudulent tax returns, financial software developer Intuit temporarily suspended e-filing of state income tax returns made through the company’s TurboTax tax preparation solution.

In response to an increasing number of fraudulent tax returns, financial software developer Intuit temporarily suspended e-filing of state income tax returns made through the company’s TurboTax tax preparation solution.

The service was paused on Thursday and resumed on Friday at 3 p.m. Pacific time. Intuit says it hasn’t found any evidence to suggest that its systems have been breached. Instead, the company believes criminals are using stolen identity data to file fraudulent state tax returns and claim tax refunds.

“Customers who have already filed their state tax returns using Intuit software during this temporary pause will have their returns transmitted as soon as possible. They do not need to take further action at this time. This action does not affect the filing of federal income tax returns, and is limited to those states that require residents to file returns,” Intuit said in a statement on Friday.

The decision to suspend e-filing came just as the Utah State Tax Commission announced discovering 28 fraudulent filings. In addition, the commission flagged a total of 8,000 returns as potentially fraudulent. Some individuals notified the organization that their tax returns had already been filed when they attempted to file them through TurboTax. Similar problems were identified in 18 other states, the Tax Commission in Utah reported.

Intuit has urged the industry to join forces in the fight against tax fraud. For its part, the company plans on acquiring Porticor, an Israel-based cloud security firm. Intuit is also working with FireEye and data analysis company Palantir to address the issue.

For the time being, the financial software developer says it has implemented a multi-factor authentication system that should protect user accounts against unauthorized access.

“Nothing is more important to us than the safety of our customers’ data,” stated Brad Smith, Intuit president and CEO. “We are taking this issue very seriously and from the moment it emerged it has been all-hands-on-deck. We’ll continue to remain vigilant, but I am more than pleased that we were able to resume transmission for our customers within about 24 hours.”

As recent data breaches have demonstrated, it’s not difficult for fraudsters to get their hands on large quantities of identity information. For example, the details of as many as 80 million individuals, including their social security numbers, might have been obtained by cybercriminals in the recent Anthem breach.

Advertisement. Scroll to continue reading.

“Just as there are black markets for credit card information, there are also black markets for highly valuable personal data – especially Social Security Numbers + Date of Birth + address,” said Daniel Ingevaldson, CTO of Easy Solutions. “With this kind of information, criminals can easily commit much deeper identity fraud – setting up fake bank accounts, applying for credit cards/loans, filing false tax returns for refunds – all under your Social Security number.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Cybercrime

Deepfakes, left unchecked, are set to become the cybercriminals’ next big weapon

Cybercrime

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Cybercrime

While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions.