Menu
Tax Notes logo

Intuit Failed to Cooperate With FBI Probe of Website Attack

Posted on Jan. 14, 2020

Intuit Inc. alerted the FBI in late 2015 of an ongoing large-scale attack on its systems but failed to cooperate when the government tried to investigate, according to documents obtained through the Freedom of Information Act.

An individual acting on behalf of Intuit whose identity has been redacted contacted the FBI in October 2015 to report “an ongoing large scale list validation attack,” which the FOIA documents explained is a script “that automates attempts at finding valid usernames and passwords for accounts registered with the company being attacked.”

Two FBI special agents discussed the list validation attack with the informant and days later requested that “a new full investigation be opened.” At that time, the FBI and the IRS Criminal Investigation division were already investigating the widespread stolen identity tax refund fraud scheme perpetrated during the 2015 filing season through Intuit’s TurboTax software. State tax agencies uncovered and made public the scheme, reporting that perpetrators had filed fraudulent returns in 19 states in attempts to steal state tax refunds.

Tax Notes filed a FOIA request with the FBI in 2017, seeking an update on the status of that initial probe and documents related to it that were generated from 2015 through 2017 — the time of the request. The FBI has finally responded. While the documents produced do not address the early 2015 investigation, they show that the FBI assigned a case number and opened a new investigation in late 2015 into the reported list validation attack against Intuit.

In November 2015 the FBI sought supporting documents regarding the list validation attack; a list of the specific types of documents requested is redacted. It was then that outside counsel for Intuit called one of the special agents “regarding the FBI’s objective for the captioned investigation.” The special agent responded that "the FBI sought to use the information Intuit provided in an attempt to identify the actor(s) involved in the list validation attack against the company.” The special agent further advised Intuit’s outside counsel that "in this particular investigation, Intuit was considered a victim.” The rest of the paragraph is redacted.

From that point forward, Intuit’s outside counsel did not cooperate in the FBI’s attempt to identify the cyberattack perpetrators.

The documents show that between November 2015 and March 2016, the FBI special agent contacted Intuit’s outside counsel eight times to check on the progress of the request. Outside counsel assured the FBI special agent that he would send the requested information but never did. When a special agent advised the outside counsel “that without Intuit’s cooperation, FBI San Francisco and the United States Attorney’s Office were planning to close the investigation,” the outside counsel again promised to send the requested documents but didn’t. The documents indicate that the case file includes the government’s declination email, although that letter is redacted.

Intuit routinely cooperates with government investigations. In fact, in the matter that appears to be discussed in the documents you provided, Intuit initiated contact with the FBI, provided information and had multiple interactions with the Bureau,” company spokesman Rick Heineman told Tax Notes, adding that because the topic of inquiry is years old, Intuit is still determining whether it has additional information.

Copy RID