fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Intuit Notifies Customers of Hacked TurboTax Accounts

Intuit Notifies Customers of Hacked TurboTax Accounts

Financial software company Intuit has notified TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks.

In a breach notification letter sent to affected customers earlier this month, the company said that this was not a “systemic data breach of Intuit.”

In account takeover attacks, cybercriminals gain access to their victims’ accounts using credentials stolen from other online services following past data breaches.

This type of attack works incredibly well against targets who use the same login credentials for multiple sites or services.

TurboTax accounts hacked using reused credentials

Intuit discovered during a security review that an undisclosed number of TurboTax accounts was breached and customer info was exposed.

The company’s investigation revealed that the threat actors used credentials (usernames and passwords) obtained from “a non-Intuit source” to gain access to the accounts.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

“By accessing your account, the unauthorized party may have obtained information contained in a prior year’s tax return or your current tax return in progress, such as your name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions), and information of other individuals contained in the tax return,” Intuit explained.

“We deeply regret that this incident may affect you. Intuit has taken various measures to help ensure that the accounts of affected customers are protected. We are notifying you so you can take steps to help protect your information,” the company added.

After discovering the attacks, Intuit temporarily disabled the breached TurboTax accounts. Users who had their accounts deactivated must contact Intuit’s Customer Care department at 1-800-944-8596 and say “Security” when prompted.

Afterward, Intuit employees will walk them through an identity verification procedure designed to help reactivate the accounts.

Previous alerts of threat actors taking over TurboTax accounts

This is not the first time attackers have successfully hacked into TurboTax users’ accounts and stole financial and personal information.

TurboTax customers were previously targeted in at least three other series of account takeover attacks in 2014/2015 and again in 2019.

Just as after the previous three incidents, Intuit provides one year of free identity protection, credit monitoring, and Experian IdentityWorks identity restoration services to impacted customers.

Also Read: Data Protection Officer Singapore | 10 FAQs

Intuit and TurboTax spokespersons were not available for comment when contacted by BleepingComputer earlier for further info on the breach dates and the number of impacted accounts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us