Class Cries Foul Over Lax Security at TurboTax

           SAN FRANCISCO (CN) – TurboTax maker Intuit may have allowed cybercriminals to file “thousands of fraudulent tax returns” for “billions of dollars” by hacking into efilings, a class action claims in Federal Court.
     Lead plaintiffs Christine Diaz and Michelle Fugatt claim Intuit did not take reasonable security measures to prevent criminals from filing fake tax returns using stolen information.
     According to the April 20 complaint, the IRS paid $5.8 billion in tax refunds in 2013 that it later discovered were filed fraudulently.
     The plaintiffs claim security experts for years called upon Intuit to enhance its security features by implementing a two-step authentication process, but the company didn’t do so until February this year, when a spike in fraudulent e-filings forced TurboTax to halt transmission of state tax returns for 24 hours.
     They claim Intuit did not implement cyber security measures to combat data breaches into its own systems, despite the publicity of recent hacks to other companies.
     One of the plaintiffs’ attorneys, David Wright with McCuneWright in Redlands, said it’s not yet clear whether any fraudulent filings stemmed from hacks into Intuit’s system.
     But the plaintiffs cite whistleblower reports that “the company had made millions of dollars in knowingly processing state and federal tax refunds” filed by thieves.
     “Further, in March 2015, Intuit announced that it had also received inquiries from the U.S. Department of Justice and Federal Tax Commission regarding the sudden surge in fraudulent filings submitted through TurboTax,” according to the complaint.
     The plaintiffs seek damages for unfair competition, violation of California’s Customer Records Act, aiding and abetting fraud, negligent enablement of third-party imposter fraud, negligence and breach of contract.
     An Intuit spokeswoman said the company does not comment on pending litigation.

%d bloggers like this: