Tax preparation software provider TaxSlayer detected suspicious activity on its servers about a week after another tax software developer, TaxAct, was attacked by identity thieves.
“We saw the attempt, but they didn’t get through," said TaxSlayer chief marketing officer Steven Binder.
TaxAct recently was forced to suspend the accounts of more than 9,000 of its customers and said criminals may have stolen information from about 450 of its customers (see TaxAct Detects Data Breach and Suspends Customer Accounts). TaxAct notified the 450 customers in a letter about the data breach that occurred between Nov. 10 and Dec. 4, 2015 and warned them that their names, Social Security numbers and tax returns might have been accessed.
TaxAct declined to comment on TaxSlayer’s experience. “It’s not our practice to comment on incidents that take place outside of our company,” said a spokesperson.
The recent attempt was far from the first cyberattack that TaxSlayer has experienced.
Binder said TaxSlayer sees about 30 to 40 million hacker attempts each year. He told Accounting Today that the company notified the FBI and the IRS about the recent attack.
A TaxSlayer spokesperson later provided additional information about the incident to Accounting Today after this article was posted: "TaxSlayer detected suspicious activity on its servers about the same time as TaxAct," said the statement. "TaxSlayer’s security incident did not result from any action on the part of TaxAct. TaxAct, while a competitor, is a valued partner in the fight against fraud and we will continue to work with them and the rest of the industry to fight against identity theft. TaxSlayer did not fend off a security attack. While there was no breach of our systems, some data may have been compromised or stolen. We believe the data was accessed as a result of usernames and passwords being compromised from other sources. We are in the process of notifying affected individuals. We had around 8,800 accounts that were subject to suspicious activity. A smaller number, or less than one third of one percent of our database, likely had their tax return data accessed."
Like other tax software vendors, TaxSlayer has been stepping up its security measures as part of an initiative that the IRS established last year in partnership with the tax software industry, the major tax prep chains and state tax authorities.
TaxSlayer has been taking extra measures as it recently won a contract with the IRS to provide software next year for its Volunteer Income Tax Assistance and Tax Counseling for the Elderly programs (see IRS Picks TaxSlayer for VITA and TCE Programs).
“Before we even won the IRS contract, we asked for additional verification if we see someone log in from a different computer,” said Binder. TaxSlayer will be working closely with the IRS on setting up the VITA and TCE sites.
The Evans, Ga.-based, family-owned company has been expanding its outreach to tax preparers. While the vast majority of its customers are taxpayers using the consumer software, particularly through the IRS’s Free File program, TaxSlayer has approximately 8,900 tax prep practices using the professional version of its software, according to Binder. In contrast, TaxSlayer processes more than 1 million returns annually for consumers.
Approximately 30 to 40 percent of that is through the Free File program, which provides free federal software for taxpayers. Like other Free File members, TaxSlayer charges consumers to file their state tax returns, but offers a 50 percent discount for members of the military. It charges an annual fee for its professional software.
TaxSlayer plans to debut a cloud-based version of the professional tax software in March, along with a mobile app. The company also sells bookkeeping software, TaxSlayer Books.