For all we know, they are sharing this info with the IRS and, besides making money off the criminals, they’re sending them to jail as well. It would be unwise of them to reveal this fact publicly.
…unless you wanted to deter the behavior, consistent with conventional judicial theories of punishment.
You are grasping at straws. Two whistleblowers resigned from their positions at Intuit and detailed Intuit’s lax security policies to Brian Krebs. It’s difficult to imagine how that fits into a bigger criminal investigation.
Turbo Tax has fiduciary duties outlined above. IMO, they are negligent, worse than they were in 2001 when they mistakenly released 150,000 passwords to the bad guys.
Maybe. But there’s also this. Robert Lee was a former security business partner at Intuit until July 2014. He told Brian Krebs, “If I sign up for an account and file tax refund requests on 100 people who are not me, it’s obviously fraud. We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts.”
What’s happening is that Intuit doesn’t want to lose the criminal market to its competitors, at least according to an internal Intuit conference call. In it the deputy general counsel stated, [INDENT]“As you can imagine, the bad guys being smart and savvy, they saw this and noticed it, they just went somewhere else… The amount of fraudulent activity didn’t change. The landscape didn’t change. It was like squeezing a balloon. They recognized that TurboTax returns were getting stopped at the door. So they said, ‘We’ll just go over to H&R Block, to TaxSlayer or TaxAct, or whatever.’ And all of a sudden we saw what we call ‘multi-filer activity’ had completely dropped off a cliff but the amount that the IRS reported coming through digital channels and through their self reported fraud network was not changing at all. The bad guys had just gone from us to others.” [/INDENT] That recording was relayed to the Security Exchange Commission after one of Intuit’s security engineers resigned.
Vox published a decent article about the Turbo Tax saga last week. One of the whistleblowers opined to Krebs, “When you give your most sensitive data and that of your family to a company, that company should offer you more security than you can get at Facebook or ‘World of Warcraft’.” That’s one way of putting it.
The article also notes that, “If you take sensible precautions — like choosing a strong password and enabling two-factor authentication — your tax refund should be just as safe filing with TurboTax as with other software.” Emphasis added. Interesting and relevant.
Also, there are a number of steps the IRS could do, but they require congressional authorization. Congress has dragged its feet. The reporter doesn’t name names or subcommittees, which is a shame. Given that state tax departments are also involved, I’d say that comprehensive reform might be more challenging than the piece indicates. Grist for a followup article.