Following a public comment period, the Federal Trade Commission has approved a final order with the operator of a Georgia-based online tax preparation service settling allegations that it violated federal rules on financial privacy and security.

The Commission alleged in the complaint against TaxSlayer, LLC that malicious hackers were able to gain full access to nearly 9,000 TaxSlayer accounts between October 2015 and December 2015. According to the complaint, the hackers used the information they accessed to engage in tax identity theft, which allowed them to obtain tax refunds by filing fraudulent tax returns.

The FTC charged that TaxSlayer violated the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to implement safeguards to protect the security, confidentiality and integrity of customer information, and the Privacy Rule, which requires financial institutions to deliver privacy notices to customers.

As part of the settlement with the FTC, the company is prohibited from violating the Privacy Rule and the Safeguards Rule of the Gramm-Leach-Bliley Act for 20 years. Consistent with several past cases involving violations of Gramm-Leach-Bliley Act Rules, the company is required for 10 years to obtain biennial third-party assessments of its compliance with these rules. The Commission vote to approve the final order was 2-0.   back...