TaxSlayer Settles FTC Allegations Hackers Stole Customer Data
TaxSlayer settled FTC allegations hackers gained access to nearly 9,000 accounts for part of 2015, allowing them to file fraudulent tax returns, said a Tuesday agency news release. Commissioners voted 2-0 and comments are due Sept. 29. The FTC said…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
TaxSlayer violated Gramm-Leach-Bliley Act rules requiring financial institutions to protect customer data and deliver privacy notices to customers. The company failed to implement adequate authentication measures and didn't require customers to choose strong passwords, said the commission. It mustn't violate those rules for 20 years. A TaxSlayer spokeswoman said the company, among others, "was the object of a list validation attack" that targeted less than 1 percent of its users. The company "self-reported the attack to the IRS and took immediate remediation efforts that have become standardized in response to such attacks," she said. TaxSlayer has increased security measures, imposed stricter authentication and is a participant in the IRS's Security Summit that develops industry protections for taxpayer information, she added.