WASHINGTON (Legal Newsline) — The Federal Trade Commission (FTC) announced Aug. 29 that TaxSlayer LLC, an online tax preparation service headquartered in Georgia, will settle allegations of violating federal rules related to financial privacy and security.
“Tax preparation services are responsible for very sensitive information, so it’s critical they implement appropriate safeguards to protect that information,” said Tom Pahl, acting director of the FTC’s Bureau of Consumer Protection. “TaxSlayer didn’t have an adequate risk assessment plan, and hackers took over user accounts and committed identity theft.”
According to the FTC, TaxSlayer violated the Gramm-Leach-Bliley Act’s Safeguards Rule. Under the rule, financial institutions must implement the proper precautions to safeguard sensitive consumer information. TaxSlayer allegedly failed to do so between October and December 2015. During that time malicious hackers were purportedly able to access nearly 8,882 consumer accounts.
“This case also demonstrates the importance of password protection,” Pahl said. “Hackers took advantage of people who reused passwords from other sites, and the attack ended when TaxSlayer eventually required people to use multi-factor authentication.”
The FTC voted 2-0 to issue the administrative complaint and accept the consent agreement.