former ftc chief says this data breach is a “five-alarm fire.”
by rick richardson
technology this week
a seven-month congressional investigation found that three of the biggest tax preparation firms in the country may have shared americans’ private financial information with google and meta for years in a possible violation of federal law. the information, in some cases, was used for targeted advertising.
more tech this week: the first police officer on the scene might be a drone | electronic skin that can sense touch will transform robotics | chatgpt passes cpa exam on second try | stanford scientists 3d-print heart tissue | four of today’s new technologies that will be tomorrow’s ‘norm’ | cyber insurance costs rise in health care as attacks soar
exclusively for pro members. log in here or 2022世界杯足球排名 today.
the investigation’s findings reveal a “five-alarm fire” for taxpayer privacy that, according to legal experts, could result in public and private lawsuits, criminal penalties or even a “mortal blow” for some major industry players like taxslayer, h&r block and taxact.
“on a scale from one to 10, this is a 15 … this is as great as any privacy breach that i’ve seen other than exploiting kids. this is a five-alarm fire if what we know about this so far is true.”
according to a congressional study, the three tax preparation organizations allegedly transmitted tens of millions of americans’ personal information to the tech industry without their knowledge or proper disclosures using visitor tracking equipment integrated into their websites.
the report states that besides standard personal information like names, phone numbers and email addresses, the list of shared data also included taxpayer data, including information about people’s filing status, adjusted gross income, the size of their tax refunds, and even information about the buttons and text fields they clicked on while completing their tax forms, which could reveal what tax breaks they may have claimed or which government programs they use.
the research also discovered that the information of every taxpayer who used taxact’s irs free file service with enabled tracking was shared with the tech companies. the analysis was based on congressional interviews and written testimony from meta, google and the tax-preparation firms. according to the research, several tax preparation businesses are still unsure of the status of the data they supplied with tech platforms.
“on a scale from one to 10, this is a 15,” said david vladeck, a law professor at georgetown university and a former consumer protection chief at the federal trade commission, the country’s top privacy watchdog. “this is as great as any privacy breach that i’ve seen other than exploiting kids. this is a five-alarm fire if what we know about this so far is true.”
it also serves as an illustration, according to vladeck, of the necessity for federal law, giving every american a fundamental right to data privacy. although electronic data is becoming an increasingly significant component of the global economy, this subject has been stalled in congress for years.
according to the report, the tax preparation firms at the focus of the probe informed lawmakers that the acquired data had been scrambled to assist in preserving privacy. the study highlighted prior ftc studies that found that even “anonymized” data may be easily reverse-engineered to identify a person, but it also claimed that some tax-prep services themselves were not entirely aware of how much information was being given to the digital platforms.
h&r block said in a statement that it takes customer privacy “very seriously” and that it has taken precautions to stop information exchange through pixels. according to [the new] report, h&r block stated it had been using the tracking technology for “at least a couple of years.”
a request for comment was not immediately answered by taxact or taxslayer. according to the research, taxslayer started using meta’s tools in 2018 and google’s in 2011, although taxact has been using both since around 2014. the research discovered that all three tax preparation businesses had stopped using meta’s pixel because of the markup’s initial investigative article from last november.
the study discovered that intuit, the firm that produces turbotax, did not use tracking pixels to the same level as other companies and was not the subject of the most recent report despite receiving an initial inquiry letter from the senators in december.
according to a former ftc official who asked to remain anonymous to talk more freely, the tax-preparation companies may be quickly forced into a legally enforceable settlement depending on the gravity of the claims.
“if the facts are really strong, these companies would probably rather settle than go to court. this is very embarrassing,” the former official said. “it could be a mortal blow to the tax prep companies.”