TaxSlayer Database Popped Open by Hackers

It is believed credentials that were used to break into the accounts of the tax preparation software firm’s customers were taken from an outside vendor. TaxSlayer refused to identify the vendor or the support function it plays.

“Evidence shows that the unauthorized access did not occur as a result of a vulnerability to our systems. Nor do we believe that usernames and passwords stored on our systems were accessed and compromised. However, we believe that user credentials, stolen from other sources, were then used to misrepresent our customers and therefore access our program. We have no reason to believe that third party was in any way related to TaxSlayer, rather an as-yet-unidentified criminal element," a TaxSlayer spokesperson said.

TaxSlayer notified affected customers last week that an unauthorized party may have accessed details in their tax returns.

The company learned of the hack earlier this month, as a result of ongoing security reviews.

“The unauthorized third party may have obtained access to any information you included in a tax return or draft tax return saved on TaxSlayer, including your name and address, your Social Security number, the Social Security numbers of your dependents, and other data contained on your 2014 tax return,” the company said in its letter to the affected customers.

The 8,800 people affected represent less than one-third of one percent of TaxSlayer’s database.