Cyber Incident Victim: TaxAct

In late 2015, TaxAct experienced unauthorized access to customer accounts between November 10 and December 4, as detected through the company's monitoring processes. An attacker infiltrated a subset of accounts—representing less than 0.25% of total users—and viewed stored tax returns containing highly sensitive personal and financial data. Compromised information included full names, addresses, Social Security numbers, driver's license numbers, and bank account details. TaxAct identified the suspicious activity through existing security protocols, which enabled early detection and suspension of affected accounts before additional data could be exfiltrated. The company determined that attackers obtained customer usernames and passwords from external sources rather than breaching TaxAct's own systems directly. While the exact number of impacted individuals remained undisclosed, the incident potentially exposed victims to identity theft and financial fraud due to the nature of the compromised data.

TaxAct disabled all compromised accounts upon discovery and required customers to reset their credentials before regaining access. The company notified affected users via letters dated January 11, 2016, detailing the intrusion timeline and specific data categories exposed. As remediation, TaxAct implemented measures to prevent similar unauthorized access incidents, though technical specifics of these security enhancements were not publicly disclosed. Affected customers received one year of complimentary credit monitoring, a $1 million insurance reimbursement policy for identity theft-related losses, and direct access to identity protection specialists. The breach occurred amid heightened scrutiny of tax software providers following Intuit's TurboTax fraud incidents earlier in 2015, though TaxAct emphasized its systems weren't directly compromised and that credential reuse from external breaches facilitated the attack. No further data compromises occurred after the initial containment.