Techies Warn Self-Filing Taxpayers of Possible Identity Theft Threat
Leading tax preparation software companies Intuit (TurboTax) and H&R Block (TaxCut) may be producing software that puts customer tax data at risk, according to some data security experts. Both TurboTax and TaxCut leave taxpayer data files unencrypted and thus unprotected from hackers, and some people are concerned about the possibility of identity theft.
Security Firm PivX Solutions has issued a warning about the hacker potential. Here's how the tax information is stored: TurboTax stores taxpayer information in files that end in a .tax extension. These files, while not readable by a standard word processing program, can be opened and read by anyone with a TurboTax program. TaxCut stores taxpayer information files in regular text files that can be read by word processing programs, including Wordpad and Notepad.
"An identity thief would have all the information they needed to open a line of credit in a victim's name," said Geoff Shively of PivX Solutions. He expressed concerns about the vulnerability of tax files stored on shared network drives, and he also noted that anyone can sit down at a computer and open a tax data file using the appropriate tax software program without entering a password.
"Our clients know it's their responsibility to protect tax data on their computers," said Tom Linafelt, communications manager at H&R Block.
Intuit's Scott Gulbransen agrees. "We always suggest customers use the standard methods to protect their PCs - not just their TurboTax file - from viruses, hackers, etc."
Intuit has no plans to change security measures in the near future. H&R Block indicated it is considering full encryption of tax files in future versions of TaxCut.