TurboTax Fraud

This allegedly gave cybercriminals easier access to data including residential addresses, birth dates, Social Security numbers, bank account numbers and other financial information that helped facilitate the filing of thousands of fraudulent tax returns.

Intuit Didn’t Properly Protect Customers’ Sensitive Information

The lawsuit alleges that Intuit knew or should have known about the recent increase in fraudulent tax filings and data breaches, but failed to take “commercially reasonable measures” to protect customers’ information. This allegedly gave cybercriminals easier access to data including residential addresses, birth dates, Social Security numbers, bank account numbers and other financial information that helped facilitate the filing of thousands of fraudulent tax returns.

Intuit Didn’t Implement Adequate Security Measures to Protect Non-Customers from Fraudulent Filings

Intuit also allowed fraudsters to create fake TurboTax accounts to file fraudulent returns in third-party, non-customer names, according to the class action. When Intuit employees identified a number of TurboTax accounts that they thought were being used solely for fraudulent tax filings, the company allegedly told them not to flag or deactivate the accounts.

Intuit Facilitated the Filing of Fraudulent Tax Returns on TurboTax

The lawsuit claims that companies such as Intuit must be diligent in recognizing fraud and abuse, reporting it to the International Revenue Service (IRS) and working to prevent fraud while safeguarding information that could be used to file fraudulent returns; however, Intuit’s lax security measures did not meet these standards and actually facilitated tax fraud on TurboTax, according to the suit. This allegedly allowed thousands of fraudulent tax returns to be filed.

Intuit Waited Years to Implement Security Measures to Protect Sensitive Information

While security experts told Intuit that the company should add certain safety measures to protect TurboTax customers, the company did not implement these “very basic security measures” until years later, according to the suit. Specifically, the class action claims that Intuit should have added a two-step verification process to TurboTax, where users logging into their accounts would be prompted to further verify their identities by email or phone; however, Intuit waited until February 2015 to add two-step verification to TurboTax and only did so after states reported suspicious tax filings from the software and the company had to temporarily suspend state e-filing operations.

Intuit Put Thousands at Risk for Further Identity Theft

One plaintiff named in the lawsuit, Christine Diaz, alleges that she purchased Intuit’s TurboTax software to do her taxes in 2011, but hasn’t used the program again since. Yet, in January 2015, Diaz was notified that federal and state tax returns were filed under her name using the software and later received a bill for more than $200 for these fraudulent returns, according to the lawsuit. As a result of these fraudulent filings, the lawsuit claims that Diaz is now ineligible for online tax filing, is at an increased risk for future identity theft and must pay for ongoing credit monitoring.

Another plaintiff, Michelle Fugatt, alleges that she never used TurboTax to do her taxes, but was notified in March 2015 that someone had filed a tax return under her name using the software. In addition to being at an increased risk for identity theft, the plaintiff alleges that she may also lose eligibility for certain government programs because the fraudulent tax return was filed for a much higher income.

The lawsuit seeks to cover two groups of people:

• All consumers and businesses in the United States who were victims of fraudulent tax returns filed in their names through TurboTax.
• All consumers and businesses in the United States who provided their data to Intuit through TurboTax and had their information accessed by unauthorized persons.

If your information was compromised after using TurboTax or if you didn’t use TurboTax to do your taxes but were still billed for these services, contact us today. You may be able to take part in this class action lawsuit and recover compensation for any losses you sustained from having a fraudulent tax return filed under your name or having your identity stolen.

Two of Intuit’s former security employees have also filed a separate whistleblower lawsuit that alleges the company made millions by knowingly processing state and federal tax returns filed by cybercriminals.

One of the former employees claims that Intuit refused to adopt ideas that would have helped quickly identify fraudulent accounts, as well as “basic cyber security policies” that would have made it more difficult for thieves to use TurboTax for fraudulent tax filings. For instance, the lawsuit claims that Intuit could have blocked the re-use of the same Social Security number across a number of TurboTax accounts or prevented an account from filing multiple returns.

Furthermore, the whistleblower lawsuit claims that Intuit systematicallyprioritized profits over ethics when it came to the processing of tax filings. According to the former employees, Intuit previously claimed to be at the forefront of reporting suspected cases of tax fraud to the IRS; however, the company allegedly scaled back its reports to the government when it noticed that cybercriminals were taking their tax fraud business to TurboTax’s competitors, causing a decrease in revenue. As a result, the company allegedly stopped or delayed sending the IRS its fraud numbers, which resulted in both an increase in fraud and an increase in revenue for the company.