Tax prep software publisher TaxSlayer reported a data breach that was discovered in January, but started last October. According to their disclosure letter and customer notifications, an unnamed third-party was compromised, exposing usernames and passwords. The attackers responsible then used those harvested credentials to access TaxSlayer accounts.
"As a result of ongoing security reviews, TaxSlayer identified on January 13, 2016 that an unauthorized third party, whom we believe obtained your username and password from another online service, may have accessed your TaxSlayer account between 10/10/2015 and 12/21/2015. In order to protect your account, we have temporarily disabled access," the notice explains.
"The unauthorized third party may have obtained access to any information you included in a tax return or draft tax return saved on TaxSlayer, including your name and address, your Social Security number, the Social Security numbers of your dependents, and other data contained on your 2014 tax return."