With the vast number of tax prep companies offering special deals, especially free online tax preparation; it is once again time to consider just how secure those companies are. After all, a security breach could expose your tax return to anyone.
Just after noon today I got an email in an old but still active email account which was certainly intended for someone else – it even included that person’s name and a link to an Intuit page where a history of their tax filing status reports was shown.
Just from the brief email note I have the person’s name and that they are located (or filed 2010 taxes) in California.
Although this didn’t actually involve any of my accounts except the email message, I was concerned that this might have been an indication of a serious security threat of some sort, perhaps against TurboTax, perhaps the IRS, or even a problem with my email account, so I located a contact at TurboTax/Intuit and forwarded them a copy of one of the emails.
I didn’t make any attempt to determine who the person named in the email was or anything about their taxes beyond what was emailed to my account apparently by Intuit ElectronicFilingCenter (which I know from experience is the correct source for such notices.) As a 35+ year computer security specialist, it would have made me nervous to learn that my filing status were being sent to some stranger.
Within an hour or so of my reporting the strange emails which (from the email header) appeared to originate from TurboTax/Intuit I got a reply from a spokesperson for TurboTax who told me they had immediately researched the situation and determined that this was a possible attempt at fraud.
The spokesperson told Newsblaze, “We had a team of individuals immediately take a close look at the record of the filing indicated by the e-mail you sent us. Through the IP address associated with that record, we have been able to determine that there is clearly fraudulent activity. This is not a security or privacy breach as your initial e-mail suggested.”
She went on to say that this had been reported to the IRS.
Since this was not a matter of some confidential source contacting a reporter confidentially I have made all the communications available to TurboTax and any government agency which contacts me – this is not a matter of reporter/source confidentiality.
