Important Alert: Intuit Quickbooks Accounts Targeted by Hackers for Fake Tax Filings and Data Breaches

I have recently received news that prompted me to alert members to a concerning trend in cybersecurity targeting firms that utilize Intuit Quickbooks and Quickbooks Online. Reports have surfaced indicating that Quickbooks accounts are being compromised by hackers, who are then using the stolen credentials such as the number that represents your firm for e-filing to file fake tax returns with your data and other data collected.

This breach not only poses a significant financial risk to the affected firms but also potentially exposes sensitive financial information of clients and other larger breach penalties. It is crucial to take immediate steps to safeguard your Quickbooks accounts and prevent falling victim to such attacks.

Here are some essential measures to protect your firm:

  • Strengthen Passwords: Ensure that all accounts associated with Quickbooks have strong, unique passwords. Use a combination of uppercase and lowercase letters, numbers, and special characters to enhance security. 
  • Enable Two-Factor Authentication (2FA): Implement 2FA wherever possible to add an extra layer of security to your accounts. This will require users to provide a second form of authentication, such as a code sent to their mobile device, in addition to their password. 
  • Regularly Monitor Account Activity: Keep a close eye on all activities within your Quickbooks accounts. Monitor for any unusual login accounts, file access, or financial transactions that could indicate unauthorized access. 
  • Educate Employees: Train your staff on the importance of cybersecurity awareness and the potential risks associated with phishing scams and other social engineering tactics used by hackers to gain access to accounts. 
  • Update Software and Systems: Ensure that your Quickbooks software is up-to-date with the latest security patches and updates. Regularly update all systems and software used within your organization to mitigate vulnerabilities.
  • Secure External Firms: If your organization works with external accounting or tax firms, verify their security protocols and ensure that they have robust measures in place to protect client data. 

In light of these reports, I urge all members using Intuit Quickbooks to remain vigilant and take proactive steps to secure their accounts and sensitive financial information. By implementing these precautions and staying informed about cybersecurity threats, we can mitigate the risk of falling victim to malicious attacks. From what I have heard, after the initial report with Intuit, the firms that implemented some of these additional steps are still working hard on keeping the infiltrator out. 

Stay safe and secure, 
Calvin J. Wong, CISSP 
The Georgia Society of CPAs