Cyber Incident Victim: TaxSlayer
Date:
Oct 2015
Location:
United States of America
Summary
A tax preparation software provider experienced unauthorized access to customer accounts, affecting approximately 8,800 individuals. Attackers leveraged credentials compromised from an unrelated third-party source to access sensitive information, including names, addresses, Social Security numbers, and dependent data from tax returns. The company confirmed no breach of its own systems occurred and identified no vulnerabilities exploited in the incident. Impacted users received identity theft insurance and credit monitoring services for one year, alongside recommendations to update credentials across all accounts where reused. The incident represented less than 0.3% of the organization's total customer base.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The TaxSlayer breach involved unauthorized access to customer accounts between October 10, 2015, and December 21, 2015. TaxSlayer detected the incident on January 13, 2016, and subsequently notified 8,800 affected customers. The company stated that attackers used credentials obtained from an unidentified third-party vendor rather than exploiting vulnerabilities in TaxSlayer’s own systems. Compromised accounts exposed personal information contained in tax returns or draft returns, including names, addresses, Social Security numbers for both customers and their dependents, and other data from 2014 tax filings. TaxSlayer confirmed no evidence suggested its stored usernames or passwords were directly compromised during the incident.
The breach impacted less than one-third of one percent of TaxSlayer’s customer database. A company spokesperson attributed the attack to external credential theft unrelated to TaxSlayer’s operations, describing the perpetrators as an unidentified criminal element. In response, TaxSlayer offered affected customers one year of identity theft insurance coverage valued at $1 million alongside complimentary credit monitoring for the same duration. The firm advised impacted individuals to change their TaxSlayer credentials and update passwords reused on other accounts. Notification letters were sent to customers, and the incident was formally reported to the California Department of Justice. TaxSlayer reiterated that the breach did not stem from weaknesses in its security infrastructure but from credentials illicitly acquired elsewhere.