Tax software maker TaxAct is informing some of its customers that an unauthorized third party accessed their TaxAct account in late 2015.
According to the letter dated January 11, TaxAct found evidence that certain accounts were entered between Nov. 10, 2015 and Dec. 4, 2015. The attacker viewed and possibly copied or printed stored tax returns and thus had access to Social Security numbers, addressed, names, driver's license numbers and bank account information.
TaxAct did not give an exact figure of those affected.
"We recently suspended a small number of accounts – less than 0.25 percent (less than one quarter of 1 percent) – after identifying instances of suspicious activity. As a result of our existing processes, we identified the issue early and prevented any further data from being compromised," a TaxAct spokeswoman told SCMagazine.com in an email Wednesday.
The company has disabled the impacted accounts and believes the information required to conduct the attack, customer user names and passwords, was obtained from an outside source. To reactivate an account TaxAct said customers need to access it and change their log in credentials.
“We have investigated the incident and taken the necessary steps to prevent this unauthorized access from recurring as well as mitigate its effect on you,” TaxAct wrote to its customers.
TaxAct is offering a year of free credit monitoring and a $1 million insurance reimbursement policy and access to ID protection experts.
Intuit, maker of TurboTax, was in the hackers crosshairs last year when it halted its state electronic filing system due to fraudsters hijacking tax returns.