[Dataloss] Turbo Tax Error
Dissent
Dissent at pogowasright.org
Mon Apr 9 15:17:50 UTC 2007
http://www.wrcbtv.com/news/index.cfm?sid=7473
A Nebraska woman recently discovered a shocking flaw with a website
thousands of people use to prepare their taxes. Instead of taking
advantage of this potential gold mine for identity thieves, she is
calling attention to it to protect other taxpayers.
In her laptop, Jennifer discovered a key to the backdoor of some tax
returns filed on line through Turbo Tax.
A Turbo Tax customer herself, Jennifer attempted to access some past
filings and the route she took online opened returns for several
others with the same last name, but different first initials.
For security reasons we're not revealing the common last name or how
Jennifer inadvertently gained access to three other Turbo Tax accounts.
She was able to access tax returns for three Turbo Tax customers she
never met in different parts of the country.
There on her screen, everything needed for electronic filing from
bank account to routing digits and of course social security numbers.
An Omaha based official with the Turbo Tax parent company says the
inadvertent access to some tax files came as a shock.
"We think it was a quirk, an individual circumstance as far as we
know. So what we did is we took that link down in the product for now
until we can fully investigate to make sure the issue won't happen
again to anybody else," says Gordon Whitten.
Jennifer wouldn't want an internet stranger peeking into her tax
filings so she'll delete any information that opened the back door to
others with the same last name.
This does not involve the Turbo Tax software, only the website that
allows taxpayers to create an account and do their taxes there.
Company officials say the inadvertent window of opportunity for
potential thieves has been closed. Turbo Tax has not received any
reports of customer accounts being accessed by identity thieves, and
says it is grateful the Nebraska customer brought it to the company's
attention.
--
Main site: http://www.pogowasright.org
Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss
Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss
More information about the Dataloss
mailing list