TurboTax says it has plugged a hole in its Web site that last week allowed a Nebraska woman to view prior year tax returns for two people with the same last name.
Last Tuesday, TurboTax became aware of a back door in a feature on its Web site that lets users save and view PDFs of previous tax returns. The back door allowed a woman to inadvertently view old tax returns of two other people in addition to her own.
When the woman told TurboTax tech support staff about the problem, TurboTax disabled the feature, fixed the hole and had it back up and running the following day.
TurboTax spokeswoman Julie Miller says the problem didn't affect people using the company's popular software to prepare or file 2006 tax returns.
Miller says TurboTax believes the backdoor affected only three of its customers: the woman who discovered the problem and the two individuals whose returns she was able to view.
"We looked all over our Web site. We scrubbed every customer log, and nothing else has come to light,'' Miller says. "We have very robust information safeguards here.''
Miller recommends that TurboTax customers with common last names choose strong passwords to prevent this sort of problem in the future.
"This was an isolated incident,'' she says.
This story, "TurboTax Fixes Security Glitch" was originally published by Network World.