Following a public comment period, the Federal Trade Commission has approved a final order with the operator of a Georgia-based online tax preparation service settling allegations that it violated federal rules on financial privacy and security.
The Commission alleged in the complaint against TaxSlayer, LLC that malicious hackers were able to gain full access to nearly 9,000 TaxSlayer accounts between October 2015 and December 2015. According to the complaint, the hackers used the information they accessed to engage in tax identity theft, which allowed them to obtain tax refunds by filing fraudulent tax returns.
The FTC charged that TaxSlayer violated the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to implement safeguards to protect the security, confidentiality and integrity of customer information, and the Privacy Rule, which requires financial institutions to deliver privacy notices to customers.
As part of the settlement with the FTC, the company is prohibited from violating the Privacy Rule and the Safeguards Rule of the Gramm-Leach-Bliley Act for 20 years. Consistent with several past cases involving violations of Gramm-Leach-Bliley Act Rules, the company is required for 10 years to obtain biennial third-party assessments of its compliance with these rules. The Commission vote to approve the final order was 2-0.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.
Juliana Gruenwald Henderson
Office of Public Affairs