General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region Forums"Scary stuff" UPDATE: the hack was TurboTax (NEWER UPDATE)
Last edited Thu Feb 5, 2015, 10:50 PM - Edit history (3)
First dribble of info is coming from Utah:
Utah Tax Commission flags thousands of potential fake returns
http://www.sltrib.com/home/2145693-155/utah-tax-comission-flags-thousands-of
Snip: Commission spokesman Charlie Roberts said it found that personal information has been stolen from previous returns filed through TurboTax. He said the commission is not yet sure if other programs and companies were affected, nor if the data was stolen from the cloud or some other means.
...but my source tells me as many as 15 other states could have been affected, and that whoever pulled this hack likely got the run of all of TurboTax's information. That might even mean Quickbooks, but I don't know.
Millions of people have been using TurboTax for years. I used it for years. It's a treasure trove of incredibly detailed tax and financial information...now in the wind.
It's a bad one, in my opinion.
Update: All the hackers have done so far is use 2013 return information to file bogus 2014 returns, and direct the money to prepaid debit cards. It seems as though they are targeting taxpayers who are getting big refunds, and ignoring the smaller returns. They do, theoretically, have access to a vast pile of identity information, but whether or not they will do anything with that remains to be seen.
NEW Update: The Salt Lake Tribune re-re-edited their article to extract the name "TurboTax" from the "TurboTax was hacked" article. Given the fact that little ol' me got love from an Intuit PR flack, I think some muscles are being flexed.
For the record, the paragraph in the Trib read: "Commission spokesman Charlie Roberts said it found that personal information has been stolen from previous returns filed through TurboTax. He said the commission is not yet sure if other programs and companies were affected, nor if the data was stolen from the cloud or some other means."
...and there's this:
Minnesota Stops Accepting TurboTax Filings Due to Possible Fraud
Updated: 02/05/2015 8:15 PM
http://kstp.com/article/stories/s3699235.shtml
Stay tuned.
nc4bo
(17,651 posts)etherealtruth
(22,165 posts)JaneyVee
(19,877 posts)Saying she's being sued by the IRS and she can pay over the phone by debit card. She knew it was fake and reported it buy it sounded professional, automated message.
ETA: And yes, she uses turbo tax software.
NightWatcher
(39,343 posts)Between Target, Home Despot, Turbo Tax, and the hundreds of other hacks and such, I'd be willing to be that all of our data is out there. What is to ultimately done with it is still up in the air. I'm expecting one BIG hack one day, where everyone's info just vanishes.
notadmblnd
(23,720 posts)Everyone having their slates wiped clean.
PatrickforO
(14,586 posts)RKP5637
(67,112 posts)information from all of these various hacks for the big hack one day.
NightWatcher
(39,343 posts)I think one day some group or country is just going to turn us off and erase all of our records and identities.
quakerboy
(13,920 posts)Given the number of different organizations keeping data on us, and then combine that with the fact that most of them, i am sure have duplication of storage, I really cant think of any realistic way to make it all disappear short of something that kills ALL of the hard drives, all at once. Including the ones that got filled, detached from any computer, and are tucked away in a storage vault somewhere.
More likely we continue to see greater and greater incursions into the financial interests of individuals, then the government uses the fear of that to make policy that is supposed to keep our identity safe but mostly just inconveniences us and makes it harder for local businesses like family farms or small independant restaurants, etc to continue on doing business.
android fan
(214 posts)wonder if my information has been leaked?
My credit was already terrible before the hack, and I don't know how much they can make it worse....
jeff47
(26,549 posts)Got my credit score down so low that it was useless to thieves.
"Unfortunately" I'm in a better financial position now.
NYC_SKP
(68,644 posts)Hassin Bin Sober
(26,335 posts)RKP5637
(67,112 posts)Rex
(65,616 posts)Downwinder
(12,869 posts)BeanMusical
(4,389 posts)CanonRay
(14,112 posts)but I have NEVER electronically filed, and now I'm glad I didn't.
El Supremo
(20,365 posts)I relieve my frustration by shoving the envelopes in a mail box.
blackspade
(10,056 posts)I've stuck with paper returns for this very reason.
Warpy
(111,327 posts)BumRushDaShow
(129,341 posts)Downloaded the fillable PDF forms, filled them out electronically, printed them, signed them, attached docs to them, folded them up, put them in an appropriately-addressed business-sized envelope with 2 stamps, and stuck the wad in the mail this morning. It may take a couple months but eventually I should (hopefully) get my paper check.
FailureToCommunicate
(14,020 posts)"No school like the old school."
BumRushDaShow
(129,341 posts)FailureToCommunicate
(14,020 posts)BumRushDaShow
(129,341 posts)They were just hilarious.
Fred Sanders
(23,946 posts)proper security. That should be clear enough by now.
Remember Sony and their cheapskate security?
For taxes, use the snail mail, secure as it gets.
Glassunion
(10,201 posts)How much does it cost?
What does it entail?
Fred Sanders
(23,946 posts)Glassunion
(10,201 posts)belcffub
(595 posts)I work in IT security for a Government agency... trust me all data stored in a computer that is online can be hacked... its not if but when...
randome
(34,845 posts)[hr][font color="blue"][center]You should never stop having childhood dreams.[/center][/font][hr]
belcffub
(595 posts)it is just a mater of time... we continually pay companies to try and hack us... We pay them to try and get us to slip up... they send people in to the office who say they are from the phone company... or repair company... with fake id's and forged paper work...
and in one of those tests... someone let the person into the data center... I can't remember what the cover story was but it doesn't really mater...
Corporations are spending a fortune on info security... they do not want to be the next Sony, target or HD...
Do you remember the target hack... it came from a outside vender having access to targets systems... I remember everyone saying how stupid of them for allowing an outside company that access... but I know today the Government entity I work for has many outside venders who can access our network remotely... it is only a mater of time...
randome
(34,845 posts)They are talking about holding periodic hack-a-thons to make our apps more secure. A long overdue idea.
[hr][font color="blue"][center]Don't ever underestimate the long-term effects of a good night's sleep.[/center][/font][hr]
notadmblnd
(23,720 posts)Anyone know?
Kelvin Mace
(17,469 posts)your data would be in there database if you filed electronically. If you didn't, you are probably safe either way.
notadmblnd
(23,720 posts)I download and install it every year. I do submit (supposedly secure connection) via the link in the purchased program though. I do know that with some of the free versions, you have to log into their site and your info is saved on their servers and not the preparer's hard disk.
it might make a difference?
IDemo
(16,926 posts)TurboTax customers are already outraged with a stealth 50% price hike in the software this year. But more secrets are coming out that might be equally surprising to some.
Intuit (INTU), the company that makes TurboTax, maintains a database containing users Social Security numbers, names and other personal data even for customers using the desktop version of the software who save their files on their own hard drives.
The existence of the database was revealed to users when Intuit set up a website for customers to ask for their $25 refunds from the software price increase. The site at turbotax.intuit.com/25back requires users to enter their Social Security numbers to get their $25 refunds. That indicates that personal tax data is, indeed, being stored by Intuit.
http://americasmarkets.usatoday.com/2015/01/27/turbotaxs-database-knows-your-secrets/
Egnever
(21,506 posts)The pirated version.
lumberjack_jeff
(33,224 posts)Sorry about that. Oh shit indeed.
F4lconF16
(3,747 posts)Kelvin Mace
(17,469 posts)to set up the tax system so that the IRS does your taxes and just sends you a form to sign (for the VAST majority of tax payers who have relatively simple returns). TurboTax has lobbied to prevent this for over a decade. Would save the IRS and the consumers billions and certainly would have been more secure than a this system where people trust third parties with very sensitive data.
Xyzse
(8,217 posts)I mean, they already did that for me once when I overpaid.
mountain grammy
(26,644 posts)to ever make it streamlined and simple...
Demeter
(85,373 posts)Why on earth would you think that? Don't you get the message? NOTHING is secure. NOTHING.
First of all, it is not secure from the NSA, FBI, CIA and probably that new baby, Homeland Security. This government doesn't know the meaning of privacy, 4th Amendment, or security.
Secondly, it is not secure from anyone who can hack a computer, if it is on a computer. Doesn't even matter if the computer is never connected to the Internet.
And forget about the sanctity of the mail. They've got that covered, too.
This is what Edward Snowden has been trying to tell us for over a year.
quakerboy
(13,920 posts)Your data it wouldn't be more secure from the various government spy agencies. But its not secure from those ****'s anyway. I guarantee that when you submit your return, even if you use the snail mail and pieces of paper you filled out with a pen, out of sight of any webcam or smartphone, the IRS then enters that info into computers. To which NSA, CIA, et al have already backdoored their access. So having the IRS do the return to start with would not make your Tax return any more or less secure in that regard. Same point applies to your comment re mail.
As for computer hacking... I challenge you to show that the TurboTax held info is more secure than the IRS info, from "anyone who can hack a computer". I would be willing to bet that the IRS databases are more secure than the Turbotax Corporate databases. So having the IRS do it instead of turbo tax would increase the data security.
Would having the IRS do what it does anyway make your data perfectly secure? No. But it would, pretty much by definition, increase the security of the data to cut a third party (with a corporate bottom line) out of the process.
dreamnightwind
(4,775 posts)bobwelch
(2 posts)If the computer was not hooked to the internet then it could not be hacked - any unauthorized access would have to be done hands on with stolen credentials etc.
jberryhill
(62,444 posts)brooklynite
(94,688 posts)pugetres
(507 posts)It would be good to know if the people affected had any issues with their federal returns too.
yodermon
(6,143 posts)i hadn't been hacked fwiw
Android3.14
(5,402 posts)Perhaps you have the ability to see electrons?
yodermon
(6,143 posts)already been filed for 2014.
from the link:
It also said it was contacted by some taxpayers who tried to file returns through TurboTax who received a message that their return had already been filed
Wasn't the case for me, which of course doesn't mean I haven't been hacked.
murielm99
(30,754 posts)We have farm property, and it can get complicated. I convinced my husband years ago to get the taxes done early, so we could send the information in for our kids' student loans. Even a small business like ours can be complex, when it comes to filing.
We are going in soon. I am going to ask the guy what he knows about all this. I don't want bland reassurances, either, but facts. This is dangerous ground!
Wellstone ruled
(34,661 posts)Intuit is the parent of Trubo Tax,and in saying that,it is their propriety software which is marketed as a accounting package for small and medium business's. Have used Trubo for many years,and have had to file in Utah,this should concern anyone who has done business in the eighteen or so states affected. This could be the hack of all hacks. When we seen this come across the screen a couple hours ago,we notified our Credit Union of this do to the fact we use the direct deposit on refunds.
WilliamPitt
(58,179 posts)raven mad
(4,940 posts)Of course, our income was so low, and the return so penurious, I don't think anyone would bother with it.
Mnemosyne
(21,363 posts)1,012,730,026 RECORDS BREACHED
(Please see explanation about this total.)
from 4,487 DATA BREACHES made public since 2005
Quite a list -
http://www.privacyrights.org/data-breach
TBF
(32,084 posts)we used Turbo tax up until last year. Of course if anyone wants to pay off our student loans for us they are welcome to them ...
billh58
(6,635 posts)on this site produces "no results."
shanti
(21,675 posts)i used tax act, but they could be hacked too...
abelenkpe
(9,933 posts)Glad I don't use turbo tax.
PatrynXX
(5,668 posts)until brother and I trusted H&R Block. that and it was both easier to understand and cheaper
TNNurse
(6,929 posts)Why I do not bank or pay bills online.
WilliamPitt
(58,179 posts)All the hackers have done so far is use 2013 return information to file bogus 2014 returns, and direct the money to prepaid debit cards. It seems as though they are targeting taxpayers who are getting big refunds, and ignoring the smaller returns. They do, theoretically, have access to a vast pile of identity information, but whether or not they will do anything with that remains to be seen.
C Moon
(12,221 posts)scary stuff, indeed.
ananda
(28,873 posts)TurboTaxChristine
(1 post)Hi Folks,
Christine from TurboTax here. I want to assure you that TurboTax has not been hacked. We continuously monitor our systems in search of suspicious activity. And through that process, we have found no evidence of a data breach. In addition, we asked a third-party security firm FireEye/Mandiant to do an independent assessment. All evidence indicates that those initiating these attacks obtained information outside the tax filing process.
During this tax season, we have seen a significant increase in attempts by criminals to use stolen identity information such as names and social security numbers obtained from other sources outside the tax preparation process to file fraudulent state tax returns. This illegal activity originates outside the tax preparation process and uses TurboTax as the vehicle to commit this crime.
We will have more information coming on this issue, but I wanted to assure you that our customer's data is safe.
If you've been a victim of identity theft, we've established a dedicated 800 number where customers impacted by tax fraud can obtain further information with serially trained identity protection agents.
-Christine Morrison
TurboTax Communications
WilliamPitt
(58,179 posts)...the Salt Lake Trib had it wrong? My guy in the biz whose whole management team is cloistered with Intuit reps is wrong?
Explain, please. 8,000 fraudulent returns in one state alone.
uppityperson
(115,678 posts)berni_mccoy
(23,018 posts)The quote that will pasted has been changed to the following:
It previously said turbo tax.
PeaceNikki
(27,985 posts)That's what it says.
DeSwiss
(27,137 posts)...how is it that less than 3 hours after your OP on this matter, TuboTax is dead-on-the-case and knows about YOUR post here at DU and begins damage-control operations.
- Hmmmm......
PeaceNikki
(27,985 posts)Ffs, it's 2015. Much smaller, even mid size companies monitor the internet constantly for discussion of their brand. The reply here isn't that shocking.
Welcome to the internet.
DeSwiss
(27,137 posts)...if they'd monitor their system's security better and put their resources there, instead of wasting personnel to work exclusively on covering their asses due to their fuckups.
- Then maybe these kinds of things wouldn't happen, FFS
PeaceNikki
(27,985 posts)if they were breached, we'll know.
It doesn't sound like they were breached though. It sounds like identity thieves use their product to file fraudulent returns. There is a difference.
WilliamPitt
(58,179 posts)People seek me out.
OilemFirchen
(7,143 posts)You might want to bone up on "retraction" as well.
WilliamPitt
(58,179 posts)...for starters.
That's two sources, plus my source.
?
OilemFirchen
(7,143 posts)I'm guessing your other "sources" relied on your "guy" as well. Maybe you were their source. Whatevs. That's not second-sourcing, that's clusterfucking.
BTW, per your update at least the Trib has edited their story. You're doubling down.
Weird, this new "journalism".
Rex
(65,616 posts)You love him, you hate him. You love to hate him. Fans are such fickle people.
OilemFirchen
(7,143 posts)I paid for J-School by selling used cars.
Still verklempt that there's no evidence of an Intuit data breach. Holding out hope for my idol, though!
Duval
(4,280 posts)onecaliberal
(32,884 posts)AtheistCrusader
(33,982 posts)People pay good money to employ it.
AllyCat
(16,215 posts)billh58
(6,635 posts)After just a cursory web search I found that this is not a new problem, and that TurboTax has been warning people about identity theft for several years.
As a longtime Intuit customer, I feel very confident that your products are indeed safe and secure.
PeaceNikki
(27,985 posts)WilliamPitt
(58,179 posts)Minnesota Stops Accepting TurboTax Filings Due to Possible Fraud
Updated: 02/05/2015 8:15 PM
http://kstp.com/article/stories/s3699235.shtml
Rex
(65,616 posts)over their favorite author! Some of your biggest fans are so fickle!
Orsino
(37,428 posts)It's not a sin to be wrong, or for a source to have been wrong, nor for the real story to become more complicated as time goes on. It's early yet.
Rex
(65,616 posts)Since you won't believe links to news sites. Then again none of you really care about what Pitt writes...you all just like being huge fans and nothing more.
Orsino
(37,428 posts)Belief will probably come later, after more detailed evidence. I don't use Turbo Tax, but I know people who do, and would like to know if it really was hacked.
Rex
(65,616 posts)And entire state believes it...wut ya gonna do?
Orsino
(37,428 posts)Temporarily halting e-filing is trivially easy to do, and a fine panic button to hit.
I'm more persuaded by the lack of competing explanations this morning.
Rex
(65,616 posts)If the only sources on this issue were from CT sites, I would dismiss this as CT talk.
jberryhill
(62,444 posts)Does it mean an internal breach of TurboTax, or an external breach of the computers of TurboTax users?
randome
(34,845 posts)Or, if stored with a third-party vendor, a breach of that company's servers. It's still jumping the gun to say that TurboTax is to blame. Maybe they are but...maybe they aren't.
"Scary stuff" is premature, IMO, especially when automatically applied to TT without some evidence to support it.
[hr][font color="blue"][center]"Everybody is just on their feet screaming 'Kill Kill Kill'! This is hockey Conservative values!"[/center][/font][hr]
jberryhill
(62,444 posts)randome
(34,845 posts)[hr][font color="blue"][center]Stop looking for heroes. BE one.[/center][/font][hr]
woo me with science
(32,139 posts)"...our customer's data is safe."
Which one?
Pacifist Patriot
(24,654 posts)cwydro
(51,308 posts)Pathetic.
Rex
(65,616 posts)Everyone else is fuuuuuuuuuuuuuuucked. But you know...a one count poster is believed over Pitt...his fans are such fickle people!
Rex
(65,616 posts)Whoever you really are.
snooper2
(30,151 posts)But we don't have any of those around here
Even has a pic
https://www.linkedin.com/profile/view?id=6063292&authType=NAME_SEARCH&authToken=fVEF&locale=en_US&srchid=17074041423242231579&srchindex=1&srchtotal=1&trk=vsrp_people_res_name&trkInfo=VSRPsearchId%3A17074041423242231579%2CVSRPtargetId%3A6063292%2CVSRPcmpt%3Aprimary
myrna minx
(22,772 posts)Those that are tittering and tongue clicking about this - trying to make it about Will Pitt - clearly aren't affected. Those of us who *may be* are taking this seriously - considering there isn't any information forthcoming and the "help" line is of no "help" at all.
jberryhill
(62,444 posts)That doesn't mean that TT software and data, installed on your customers' machines, is safe.
City Lights
(25,171 posts)Nice try!
randome
(34,845 posts)[hr][font color="blue"][center]I'm always right. When I'm wrong I admit it.
So then I'm right about being wrong.[/center][/font][hr]
SmittynMo
(3,544 posts)I have been in IT for many years. ANYTIME you use your computer, you take the risk of someone spying on you and your data. Unfortunately, I saw this happening 2 decades ago. I saw everything going digital, which in itself, is risky. Encryption of data is fairly safe, but not 100%. There is always someone out there trying to find ways to get to your data. Nothing is really 100% safe. They can hack your camera and mic, see your data on your hard drive, and with "cloud" technology, your data can be hacked at anytime without your knowledge. What makes this scarier, a lot of companies are using cloud technology. Word of advice for laptop users. Be sure to cover your cam with tape.
If you ask me, at this stage in the game, the only defense we have is to beef up encryption and firewall security. You can also reduce your online ordering.
To date, I have not been hacked, or encountered a breach of data. But beware, it can happen at anytime without your knowledge, or permission. Limit ordering online, setup alarms on all your accounts, and check your accounts daily. Getting a service like life lock can be beneficial.
Remember, with the right hacked data, ANYONE can be YOU online!!
berni_mccoy
(23,018 posts)TheProgressive
(1,656 posts)Or using a computer connected to the Internet to do their taxes....
I use Turbotax. I load it to my 'non-internet' machine and do my taxes. I do
not use e-file. I mail it in.
Don't you wonder what the Turbotax people do with everyone's personal
tax information? Income, investments, house(s), expenses... They know everything about you.
Know this - everything you do on the internet is known. Backing up your files to the 'cloud'...? hmmmm
Think they go thru your files? Of course they do...
berni_mccoy
(23,018 posts)If you file your return with TT the data is kept by them. This is the default behavior. I suspect you could ask them not to. But I also suspect they would keep it for potential audit (they have an audit protection service) and also for their own data mining.
TheProgressive
(1,656 posts)Here is what I do...
I go to Costco and buy Turbotax. I load it to my personal computer that is
*never* connected to the Internet. For updates, I use Turbotax 'manual update'. With
manual update, I load the update to my internet machine and copy it to a thumb drive.
Then I load it on my personal computer.
I do my taxes and then print it out and mail it to the IRS.
Been doing this for 14-20 years...
Agschmid
(28,749 posts)Hell I did my taxes on my phone this year.
TheProgressive
(1,656 posts)I do not have a cell phone....!
Agschmid
(28,749 posts)Fla Dem
(23,727 posts)mwooldri
(10,303 posts)Getting the Turbotax program and using a non-connected PC to complete your taxes doing it can give people a sense of security. Going to Turbotax.com or using the Internet portion of the program opens the door a smidgen for your data to be stolen.
I must say that no system of data storage is 100% safe. There's only relative safety. Mail can still be stolen, homes and offices can be broken into, etc.
uppityperson
(115,678 posts)though of course anyone could say they were that, it might behoove you to edit your OP since it appears you may be spreading false rumor of TT being hacked.
I doubt you will but wanted to throw this out anyway.
berni_mccoy
(23,018 posts)Dr Hobbitstein
(6,568 posts)Can't find anything to corroborate that, either. However, this is from 3 days ago in MN.
http://www.kare11.com/story/news/investigations/2015/02/02/identity-thieves-targeting-tax-refunds/22769445/
I think you may have jumped the gun here, Will. Being first to isn't always best.
PeaceNikki
(27,985 posts)It definitely seems like am irresponsible jump that has a response in thread.
WilliamPitt
(58,179 posts)Quote:
"Commission spokesman Charlie Roberts said it found that personal information has been stolen from previous returns filed through TurboTax. He said the commission is not yet sure if other programs and companies were affected, nor if the data was stolen from the cloud or some other means."
Develop your own conclusions as to how that happened.
Dr Hobbitstein
(6,568 posts)and they have new information, or that Charlie Roberts was using the word TurboTax as a catch-all or was misquoted. No news sources anywhere of a TurboTax hack. I'm thinking that would be HUGE news.
MannyGoldstein
(34,589 posts)Computer security ain't.
Dr Hobbitstein
(6,568 posts)The vast majority of identity theft happens through things like stealing wallet/purse, mail-theft, and picking through garbage. When it is on the internet, it's usually scammers sending fake bank emails and things of that nature. Very little of it involves being hacked.
TheProgressive
(1,656 posts)Bad try...
Dr Hobbitstein
(6,568 posts)All someone has to do is walk by your mailbox and steal it's contents to get your info. And the fact that every person who touches your mail in between it's sender and recipient is a security risk.
Hacking is a bit more specialized and sophisticated. Something your average identity thief is not.
http://www.identitytheftjournal.com/common-causes-identity-theft/
http://blog.equifax.com/credit/top-causes-of-identity-theft-not-the-internet-yet/
http://www.libertypowercorp.com/leading-cause-id-theft/
TheProgressive
(1,656 posts)But you do hear about all the security breaches from the internet....
Have you hear of the Anthem internet hack that just happened?
Dr Hobbitstein
(6,568 posts)There was an identity theft ring broken up last year where a bunch of college kids raided mailboxes and stole wallets and purses, then used the info to file fake tax returns. They ended up with over $400,000 without ever using the internet. I'm not saying that it doesn't happen on the internet, but the internet is NOT the major cause of it. The majority of people who commit identity theft are not part of some sophisticated hacker ring, they're common criminals who steal physical things and get new documentation made.
A box at the side of the street is not exactly what we call secure (ie, mailbox). And yes, I heard about the Anthem hack, and also heard that they didn't get anything of real value from it.
WilliamPitt
(58,179 posts)The Salt Lake Tribune re-re-edited their article to extract the name "TurboTax" from the "TurboTax was hacked" article. Given the fact that little ol' me got love from an Intuit PR flack right here on DU, I think it's safe to say some muscles are being flexed.
For the record, the paragraph in the Trib read: "Commission spokesman Charlie Roberts said it found that personal information has been stolen from previous returns filed through TurboTax. He said the commission is not yet sure if other programs and companies were affected, nor if the data was stolen from the cloud or some other means."
Stay tuned.
suffragette
(12,232 posts)Minnesota Stops Accepting TurboTax Filings Due to Possible Fraud
Updated: 02/05/2015 8:15 PM
http://kstp.com/article/stories/s3699235.shtml
The Minnesota Department of Revenue is no longer accepting tax returns submitted using TurboTax because of potential fraudulent activity.
According to the department, some Minnesota taxpayers recently found when they logged in to file their tax return, they saw their return had already been filed.
Looking for more info and just saw this report. So, problem in more than one state?
PeaceNikki
(27,985 posts)cwydro
(51,308 posts)So if it's true, we'll be hearing about it soon.
PeaceNikki
(27,985 posts)cwydro
(51,308 posts)suffragette
(12,232 posts)Another article has a little more info:
http://www.twincities.com/localnews/ci_27470400/minnesota-revenue-officials-halt-filings-by-turbotax-citing
Of the 267,000 Minnesota tax returns already filed, the department flagged "a couple thousand" returns that had used TurboTax, in order to review them. Deputy commissioner Terri Steenblock said the returns were flagged solely because they had used TurboTax.
Department officials said they had no additional information Thursday evening relating to the potential fraud and added that the problem wasn't limited to Minnesota. They added that their own systems and data have not been breached.
"We are aware of other states that are aware of potentially fraudulent activity," noted Steenblock.
Interesting that she said "states" and not 'another state.' I wonder if the states affected are sharing info?
PeaceNikki
(27,985 posts)but nobody has said TT was "hacked" except Pitt. There's a difference. If they were, there are security breach notification laws that compel them to disclose.
suffragette
(12,232 posts)Seems like a pretty specific response by Minnesota.
PeaceNikki
(27,985 posts)In fact, they are specifically saying there was not. They are compelled by law to disclose if there was.
WilliamPitt
(58,179 posts)if my source is on the money.
suffragette
(12,232 posts)since it seems to me it's the maga-corporations who keep having major breaches, regardless of how much longer and more complex we all are make our passwords.
Iliyah
(25,111 posts)WilliamPitt
(58,179 posts)uppityperson
(115,678 posts)Trajan
(19,089 posts)Let's see how this story progresses ... I am curious what will be true, and what will not be true ... Aren't you ?
uppityperson
(115,678 posts)is irresponsible journalism. I know there is the desire to scoop others on a story, but not by posting what appears to be libelous statements. Being first to break a story vs defamation and potential liability to this website.
PeaceNikki
(27,985 posts)He was quite confident of his sources then, too. Couple the OP's history of that irresponsible "reporting" event (and the nasty way he treated the doubters then) with the fact that there are laws which compel companies to disclose security breaches and a statement in this thread from said company denying such, and we have a lot of reason to dismiss this as well.
myrna minx
(22,772 posts)with questions about your Minnesota return.
What's weird is Turbo Tax offered to prepare Minnesota state tax for free this year. Normally it's $30 or so.
I e-filed federal, but still opted to paper file Minnesota, so I have no idea if I'm affected and I have no way of checking by logging on either. *Sigh* I guess I have to wait until 8 AM so I can be put on hold.
http://minnesota.cbslocal.com/2015/02/05/minnesota-stops-accepting-turbotax-returns-due-to-fraud/
suffragette
(12,232 posts)I'm not in Minnesota and my state doesn't have state income tax.
But any of us could be hit by a similar breach and it bothers me how much of our info is floating away in 'the cloud' and accessible to thieves.
myrna minx
(22,772 posts)If this isn't a big deal, why the delay? Why aren't they forthcoming? This is atrocious customer service. I've used Turbo Tax for years - never again. Snail mail for me. It's the not knowing that's tough. Do I change passwords? What do I do?
I guess if you're a customer of Turbo Tax, you are expected to wait on hold all day.
suffragette
(12,232 posts)I found and posted an update i found at Forbes below.
Didn't include the paragraph noting the phone number is now for all states.
You can see that info at the link.
I'd keep trying now since the phone wait will probably increase once people from other states start calling, too.
I hope you weren't affected by any of this. So far Intuit is saying the breach isn't from their system, but it looks like they are now offering monitoring for anyone affected.
marym625
(17,997 posts)Only thing I could think would cause such a thing as faces flying off and around the room like bats.
I wonder if the letter I received the other day about my 2011 return being amended, which I didn't do, has something to do with this. Guess I will have to stay on hold the hour to find out.
Quick books too, huh? Now that could be bad.
Trajan
(19,089 posts)It's pretty clear somebody got this valuable personal information, and it had to come from somewhere ... Intuit seems a reasonable source for that kind of information ...
Silent3
(15,257 posts)Having had my real, valid return submitted and approved should mean any attempt to submit a return in my name for 2014 again should be rejected, unless someone goes as far as filing an amended return, and that I'd think would be a harder stunt to pull off.
One of the reasons I do it immediately.
Silent3
(15,257 posts)...so I was very motivated to act quickly.
I'm thinking the IRS processing might be faster too for people who get their returns in early. My refund appeared, by direct deposit, just one week after I filed.
HeiressofBickworth
(2,682 posts)I need to go to the library tomorrow and pick up my tax forms. I always do my tax forms on paper and mail it in. My income is so low now I haven't paid taxes since I retired six years ago.
It seems that no matter what you do, there is someone out there spending huge amounts of time and effort to rip you off.
marym625
(17,997 posts)There's so much personal, business and financial information, passwords to tax entities, employee information in social security, etc etc etc.
This could be devastating to people
Dr Hobbitstein
(6,568 posts)Neither was Turbo Tax. This OP is pure speculation on a couple cases of tax fraud in a few states. Those committing the fraud used TurboTax to SUBMIT the tax data, but they had the identity info before hand. A simple google search of "turbo tax hack" nets you this OP, a similar blog at Crooks and Liars (using the same original source before it was updated to omit TurboTax), and a bunch of tax fraud articles from years past. Someone jumped the gun on this one.
marym625
(17,997 posts)Thank you for the information
billh58
(6,635 posts)information, even though it is not as sensational as the "hack" angle as "reported" by the OP.
Kablooie
(18,637 posts)Sorry.
That's just how my brain works.
If it works at all.
mnhtnbb
(31,401 posts)but always mailed in the state returns because--up until this year--they charged
for filing a state return and I'm so cheap I'd rather print/stamp/mail than pay
$14.99 or whatever it's been.
Also, I hardly ever get our returns filed until March because I also have to file
for two trusts--and I have to have the K-1's from them to do our personal taxes.
Has anyone seen a list of the 18 states? Is NC included? I've only
seen Utah and Minnesota mentioned so far.
brooklynite
(94,688 posts)Skidmore
(37,364 posts)ABC on GMA just referred to 19 states affected. Nowhere can I find a listing of which states. I just installed this year's Turbotax program on my computer but have not yet started to enter data. Does anyone know where else to check for information regarding states affected? Turbotax site doesn't mention any problems at all.
Can you or somebody clarify "the cloud" being referred to. Is that a cloud used by Turbotax or by individual users? I never use clouds for storage of information of any kind. I also refuse to do online banking.
Does anyone know where else to check for information regarding states affected?
Dr Hobbitstein
(6,568 posts)TurboTax wasn't hacked. A simple google search nets a blog from Crooks and Liars, and Will's OP, plus some articles on tax fraud in years past.
PeaceNikki
(27,985 posts)Pitt irresponsibly is insisting they were with zero proof.
And, oh, hey, Karl Rove was totally indicted!!!
Dr Hobbitstein
(6,568 posts)Not allowing this info to come out. It's a CONSPIRACY!!
Skidmore
(37,364 posts)Plus there's something about a refund or an upgrade to some unhappy users because TT did not include some forms to allow filings by farmers, those with capital gains, small businesses, and one other category. Beyond that and the story I just heard on GMA a few minutes ago, I can find nothing.
berni_mccoy
(23,018 posts)When states stop accepting returns from a single vendor, there is something wrong with that vendor's security.
In this case, it doesn't surprised me that TurboTax might have a flaw. And it could also be true that Intuit's (the company behind TurboTax) systems were not hacked. It could be simply that a hacker has found a way to bypass the authentication mechanism on user accounts, which would still be a problem for Intuit TurboTax. They must provide security for a user's account and they are responsible for breaches.
Note that TurboTax only requires a user-name and password. They do not have two-factor authentication which is now widely used as a minimum by most financial institutions. They can not even tell you which devices you have logged in from (something most social media applications like Facebook, Google and Twitter now have). For protecting your most sensitive financial information, they do less than the minimum to protect it.
WilliamPitt
(58,179 posts)Skidmore
(37,364 posts)That article was not available earlier and it is helpful.
Dr Hobbitstein
(6,568 posts)Fraud =/= hacking. TurboTax is being proactive and trying to work with states to get it under control. Big bad TurboTax, doing the right thing.
When a journalist gets something wrong, they usually issue a retraction. They don't keep doubling down and moving goalposts. Once again, a google search for "turbo tax hack" nets this OP, and a couple of years old articles about TT security.
billh58
(6,635 posts)a victim of identity theft, you most likely have nothing to worry about. Neither TurboTax, nor their parent company Intuit have been "hacked."
Thieves that have committed identity theft from other sources are using TurboTax to file false State tax returns using the TurboTax program and information already stolen from other sources.
As a precaution, TurboTax has temporarily halted the electronic filing of State tax returns (but not Federal) using their product.
Skidmore
(37,364 posts)I enter data and until TT give the go ahead.
Sunlei
(22,651 posts)years ago. The IRS didn't share much information except they sent a letter and asked why I filed 'twice' that year. I had to send a copy of my file and state this was my only filing for that year.
The ONLY time I've typed my ss number online was for 2 online bank accounts, started about 6 years ago.
MineralMan
(146,324 posts)Sometimes, it's better to wait a bit before posting, I think. I know that it's nice to get a beat on the news media, but if that beat is incorrect, that's not a good thing. Right now, it's quite unclear whether or not Turbo Tax and Intuit have been hacked at all. If they have, it will be a story of monstrous proportions. But if not, then something else occurred. In any case, we don't know at this point exactly what happened.
I'd not have posted this, even if I had some information from reliable sources. It's too explosive a story and incorrect postings could do some real harm. That's just my opinion, but based on my own sources regarding things having to do with Intuit, more information will be forthcoming shortly. We'll get the story, once there is an actual story that can be understood.
randome
(34,845 posts)A return filed using TurboTax could have been stored on an unsecure server and was stolen that way. It seems premature to assume TurboTax is negligent in some manner. Maybe they are but...
[hr][font color="blue"][center]Where do uncaptured mouse clicks go?[/center][/font][hr]
MineralMan
(146,324 posts)That's what they're saying, anyhow. Clearly, there are some problems with identity theft connected to tax filings. It's interesting that it appears to be only state returns that are being fraudulently filed.
Intuit has a great deal to lose with this, since both their tax and accounting data is stored in the cloud. I doubt that they would deliberately lie, since the truth would eventually emerge and cause them even more trouble in the long term. I think they're being very careful not to make statements that would come back and bite them on the butt.
I have an email from Intuit that clearly says that their customer data was not compromised. It's not for public consumption, though, so I won't post it. There will, no doubt, be a public statement soon from them.
It looks like there was some jumping of the gun here, not based on good information.
Fuddnik
(8,846 posts)I've filed online with TurboTax for years.
So far, not this year, after they pulled that shit with selling you only half the program, and wanting an additional $25 afterward for the rest of it.
I think I'll find something else this year.
suffragette
(12,232 posts)Individual State Departments of Revenue are loathe to name names but have been quick to point the finger away from their own systems.
The State of Alabama Department of Revenue released a statement yesterday about fraud concerns, saying only, The fraudulent filings originate from data compromised through a third-party commercial tax preparation software process and were detected through ADORs fraud detection systems. They were quick to assure taxpayers, however, that [o]ur systems have not been compromised. Just two weeks into tax season, however, the number of suspicious returns in the state has already hit 16,000, all of which were filed suspected of fraud from the third-party commercial tax preparation software.
~~~
Following up on taxpayer concerns, Intuit announced that it is working with state agencies to address the problem. Intuit reached out to Palantir, a third party security expert, to make a preliminary investigation of the most recent fraud activities. The initial findings have led Intuit to believe that these instances of fraud did not result from a security breach of its systems. Instead, the company believes that the information used to file fraudulent returns was obtained from other sources outside the tax preparation process.
~~~
In addition, Intuit will provide identity protection services and free credit monitoring, as well as provide access to all versions of its software or to the assistance of one of Intuits credentialed tax experts who will prepare taxes for affected customers at no expense.
Looks like the states that aren't naming the software are all using a singular article to refer to the issue, which indicates one software program at the center of the issue rather than multiple ones.
Intuit is so far saying they have not found a breach in TT, but they are offering to provide the usual (post barn door) monitoring to people affected.
Palantir? Where have I heard that name before?
WilliamPitt
(58,179 posts)snooper2
(30,151 posts)Have you learned that fraud does not equal hacking yet?
nc4bo
(17,651 posts)I don't understand, if it's NOT a hack but someone has gotten enough information from "somewhere" that they can actually pass IRS sniff test to the point the return was accepted, how did those "someones" procure the information in the first place. On TT, I call bullshit. It sounds like someone gained access to someone's database of taxpayer information. It's either on the IRS or on the tax preparation software company. What am I misunderstanding here?
What exactly the hell going in here??
C&P from FB.
suffragette
(12,232 posts)And however this happened, it's a big problem.
At this point, it seems to be state tax info.
I wonder if TT has two databases, one with federal tax info and one with combined state tax info. It makes me wonder how the information is stored and transmitted by these companies.
I have the same questions you do.
Orsino
(37,428 posts)Good info. Thanks much.
Dr Hobbitstein
(6,568 posts)If you get enough info, it's easy to get into someone's account, whether that be Facebook, GMail, or TT. There was a huge fraud case last year involving university football players. None of them hacked anything, they stole physical information (wallets, purses, mail, etc) and used that to net about $400,000 before they were caught.
mak3cats
(1,573 posts)A "palantir" is a seeing stone in the Lord of the Rings novels.
suffragette
(12,232 posts)mak3cats
(1,573 posts)I prefer fantasy these days, especially with revelations like this one.
Anyway, there is a bit in the news about this company recently, and not all of it is savory:
http://www.geekwire.com/2015/secretive-big-data-company-palantir-opening-seattle-engineering-office/
http://www.forbes.com/sites/ryanmac/2015/01/19/palantir-ceo-alex-karp-to-be-a-billionaire-as-data-mining-company-raises-more-funds/#
http://www.sfgate.com/bayarea/article/Palantir-co-founder-sued-for-sex-abuse-blames-6049374.php
suffragette
(12,232 posts)Thanks for the new links though.
Looks like they have kept raking in the security budget money and all from their start in data mining.
Yeah, I see why you prefer fantasy
yodermon
(6,143 posts)with targeting Glen Greenwald , wikileaks and others with cyberattacks & smear campaigns. This is from back in '11.
http://www.forbes.com/sites/andygreenberg/2011/02/11/palantir-apologizes-for-wikileaks-attack-proposal-cuts-ties-with-hbgary/
In a statement to the press, Palantir chief executive Alex Carp writes, I have directed the company to sever any and all contacts with HBGary. Karp adds that Palantir Technologies does not build software that is designed to allow private sector entities to obtain non-public information, engage in so-called cyber attacks or take other offensive measures. I have made clear in no uncertain terms that Palantir Technologies will not be involved in such activities....
I'm sure it's allll cool now, though.
suffragette
(12,232 posts)And organizations.
And now their investigation of the security of TT is supposed to be reassuring?
Well, damn.
PasadenaTrudy
(3,998 posts)Wednesday and he e-filed for me. Oh well.....
mnhtnbb
(31,401 posts)From the Forbes article:
Intuit stressed that this action does not affect the filing of federal income tax returns. It also clearly does not affect taxpayers who are not e-filing state tax returns.
So far, there has been no indication that federal returns have been affected.
http://www.forbes.com/sites/kellyphillipserb/2015/02/06/turbotax-temporarily-halts-e-filing-in-all-states-amid-fraud-concerns/
WilliamPitt
(58,179 posts)The data they need to do state filings is the same info they need to do federal filings. The only difference is the amount of the return. The money is one thing; all that info being in the wind is another.
mnhtnbb
(31,401 posts)then if you never e-filed (I haven't because they charged for NC, but not the Federal return) a State return, presumably
your info is not in the wind.
berni_mccoy
(23,018 posts)That doesn't appear to be the case here. It appears isolated to TT.
berni_mccoy
(23,018 posts)Mira
(22,380 posts)suffragette
(12,232 posts)http://www.state.vt.us/tax/pdf.word.excel/misc/Press%20Release%20Vermont%20Department%20of%20Taxes%20Warns%20of%20Refund%20Fraud.pdf
Vermont Department of Taxes Warns Refund Fraud Connected to Identity Theft Continues to Rise
Montpelier, Vt., Feb. 6, 2015 As the tax season heats up, the Vermont Department of Taxes continues its vigilance to protect taxpayers and taxpayer money against any possible tax refund fraud, but the early signs are that states are seeing another increase in fraudulent filings this year. In fact, there are reports in other states of particularly troublesome fraud trends. Given the nature and level of fraudulent activity, concerns are being raised that a tax preparation software vendor experienced a data breach of previous year returns, however no such breach has been confirmed. Vermont is participating in conversations with other states and with software vendors, and in an abundance of caution, immediately suspended the issuance of all personal income tax refunds temporarily as of February 4. We are reviewing the situation, and will issue an update on when we will resume refunding as soon as possible. The potential identity theft and refund fraud is not related to any breach of Vermont government systems, but rather the use of identities stolen elsewhere.
More at link.
jwirr
(39,215 posts)we talking about 15 states. Is it just state taxes we are talking about here? Or federal taxes as well?
Dr Hobbitstein
(6,568 posts)Any reputable journalist would've edited. A google search for "turbo tax hack" still doesn't net any results for your story. Just that fraudsters utilized turbo tax to SUBMIT fraudulent returns. No hacking. Although, this came up as the number 2 search:
http://newsbusters.org/blogs/pj-gladnick/2015/02/06/du-fraudster-will-pitt-publicly-corrected-turbotax-posting-false
Yes, I know it's a RW news site, but it still gave me a chuckle.
deaniac21
(6,747 posts)in 24 business hours.
mollaeilaw
(1 post)is there any way or solution to get rid, if my tax info get hack?
TexasTowelie
(112,357 posts)He is flagged for review which means that his posting privileges are suspended. His last post was in 2016.
backtoblue
(11,345 posts)Also, to echo TexasTowlie, you won't get a response from the original poster due to their account status.
Good luck.