Tax Software Company TaxAct Discloses Data Breach
TaxAct announced that the tax return information of about 450 customers may have been stolen. The affected customers received a letter from the tax software company on January 11, informing them that their names and Social Security numbers may have been compromised. The unauthorized access occurred between November 10 and December 4.
The company, which is the third largest provider of tax return software, also froze the accounts of 9,000 other customers due to suspicious activity, a spokeswoman told The Wall Street Journal. These customers will be subject to additional verification this year.
The spokeswoman said there is “no evidence that any TaxAct system has been compromised” and that the company believes the customer names and passwords were obtained elsewhere.
TaxAct, a division of Blucora Inc., has offered customers free credit monitoring services and explained to victims how they can request a special identity-protection number from the IRS. This will ensure that no one else can file a return in the victim’s name.
This recent breach is a part of a bigger issue that the IRS has been trying to combat. Tax return fraud is a growing problem in the United States. Criminals use a victim’s stolen personal information to file a return and receive a fraudulent refund. If the cybercriminal can use information from a real taxpayer’s prior return, it looks more authentic and is less likely to be detected by federal antifraud filters.
In 2015, the personal information of 330,000 taxpayers was stolen from the IRS’s “Get Transcript” database, which stores information from prior returns.
Nearly 5.5 million tax payers electronically filed their return through TaxAct last year.