1. Latest News
  2. Submit Press Release

Mobile applications from the IRS, TaxAct, TaxSlayer and JacksonHewitt expose taxpayer data

SAN FRANCISCO - April 11, 2014 - PRLog -- With the April 15th deadline approaching taxpayers will be rushing to complete their taxes.  However not all tax applications are equally secure, a consideration that should be taken into account when choosing a product.  A review by Symosis Security of the leading mobile tax applications has revealed failing grades for iPhone products by the IRS, TaxAct, TaxSlayer, and JacksonHewitt.   The applications may appear secure, as users must login when launching the application or enter their data each time, however attaching the device to a computer and using freely available software a criminal can go back and access all of the sensitive data previously entered.   Data includes the users’ SSN, tax data, financial accounts, and the username and passwords in cleartext.   A user of these products may feel they are protected, as they must login or re-enter the data each time they launch the application, but once entered the data remains on the device even if they are not authenticated, and that data is easily accessible.

If your phone is lost or stolen a week, or a year from now, all of that data could easily be recovered.  This could leave thousands of users of those products exposed to identity theft using the tax data, or if a users shares those same credentials on other sites it could expose that data as well.  In some cases the issue was due to logging, other findings included screen captures of sensitive data, and image files of tax documents. Requests to contact the companies to remediate the problem were not successful.  Other applications from Intuit and HRBlock were not affected.

Related Link(s) - http://symosis.com


--- End ---

Click to Share

Contact Email:
***@symosis.com Email Verified
Source:Symosis Security
Location:San Francisco - California - United States
Industry:Mobile, Security
Tags:Mobile Tax Security, Mobile Password Compromise, Mobile Tax Vulnerabilities, Tax passwords exposed, Tax data exposed, Symosis Security Tax Applications
Last Updated:Apr 15, 2014
Verified Account Email Address
Verified Account Phone Number

Disclaimer:   Issuers of the press releases are solely responsible for the content of their press releases. PRLog can't be held liable for the content posted by others.   Report Abuse

Latest Press Releases By “


Like PRLog?
Click to Share