The FBI is looking into fraudulent tax returns filed in several states through the popular software TurboTax, the latest instance of creative tricks cybercriminals are using to profit from stolen data.
TurboTax temporarily suspended electronic filings of state tax returns Friday after spotting an uptick in people using stolen personal information to file fraudulent returns and claim tax refunds.
Based on an initial investigation, TurboTax later said it found no security breaches in its own systems and resumed e-filings of state tax returns. Federal returns were unaffected.
The FBI said it was investigating the returns, but it would not comment further.
"We're aware that the FBI has acknowledged that it is investigating," said Julie Miller, spokeswoman for Intuit Inc., the Mountain View, Calif., owner of TurboTax. "But to the best of our knowledge, Intuit is not the target of that investigation."
So far, California has been unaffected by any unusual or criminal activity in tax returns using TurboTax, said Denise Azimi, spokeswoman with the California Franchise Tax Board.
But at least 19 states have endured similar fake tax filings, according to the Utah State Tax Commission. Many taxpayers caught the problem after trying to file their returns, only to be notified by TurboTax that their paperwork had already been submitted.
The possibility of criminal activity spurred Minnesota's Department of Revenue last week to stop accepting tax returns submitted through TurboTax, one of the nation's top-selling software products for tax returns.
The problems plaguing TurboTax come at a time when companies are increasingly being targeted by cybercriminals intent on lifting personal data.
Last week, health insurance giant Anthem Inc. said it was the victim of a massive data breach that exposed the private data of as many as 80 million Americans. A growing crowd of retailers, such as Target Corp. and
Security experts said hackers were looking for more ways to make money from stolen data. Some sell information through murky online marketplaces that traffic in stolen tidbits; others have used data as a tool to con money out of organizations.
"You are seeing the dawn of a new era where third-party payment services are used to fraudulently get money from the government," said Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency.
Penrose, now executive vice president at the cybersecurity start-up Darktrace, said cybercriminals may have lifted names, Social Security numbers and other personal data from other companies and used that information in fake tax returns.
Hackers could have picked up additional pertinent information, such as the number of children in a household, by sending malware to a taxpayer's laptop or doing a simple search online of publicly available information.
Then digital thieves may have pinpointed states with less rigid security safeguards and looser verification systems, hoping for a big payday once refunds came in, Penrose said.
"You will see a lot more of this in 2015 where cybercriminals figure out how to monetize" data in new ways, including tax fraud and fake medical claims, Penrose said.
The agency said it has strengthened protections on its systems this filing season, which kicked off Jan. 20.
"We closely monitor incoming tax returns, watching for fraud indicators and adjusting our systems as necessary," the IRS said.
Observers said states and corporations have to incorporate sophisticated threat detection software to look for strange behavior or activity.
Penrose pointed out that federal tax returns filed to the IRS, which has stronger protections in place than most states, appeared to be untouched by those behind the TurboTax hack.
TurboTax said it regularly works with law enforcement to find and prevent fraud. But it noted: "Tax fraud is an industry-wide issue."