ID Thieves Access TaxAct Customers' Personal and Financial Data

Fraudsters who apparently gamed TaxAct's identify verification controls compromised, and may have stolen, personal and tax return information from hundreds of customers. In addition, the software provider detected suspicious activity in 9,000 accounts. Those accounts have since been frozen.

The company says it has no evidence that any TaxAct system was hacked. Rather, it believes thieves obtained customer names and passwords elsewhere, perhaps from other data breaches, to crack open individual accounts. 

The breaches occurred in November and December of 2015. 

TaxAct said early detection of the apparent scheme confirms an anti-fraud campaign launched by the IRS and tax-preparation firms over the past year is working. Tax refund fraud happens when criminals use stolen personal information to file a fraudulent tax return claiming a refund. 

A spokeswoman for the IRS said, “The IRS has already taken steps in our systems to protect the affected accounts.”

On Jan. 11, TaxAct sent a letter with the heading “Notice of Data Breach” to about 450 customers. It said swindlers may have copied their names and Social Security numbers and that tax returns stored in their accounts may have been opened or printed. 

TaxAct has emailed the other 9,000 customers.