Intuit Inc. is facing a class action lawsuit for failing to protect its computer systems, which led to a significant data breach affecting TurboTax and Credit Karma users. Plaintiff Joseph Garite claims that Intuit, known for its popular software services, did not maintain adequate security measures or provide proper cybersecurity training for its employees. This negligence allegedly allowed cybercriminals to infiltrate Intuit’s networks and access sensitive personal identifiable information (PII), including names, addresses, and Social Security numbers.
Garite’s lawsuit asserts that Intuit did not inform affected customers about the breach until March 2024, despite the breach occurring between December 2023 and February 2024. The delay in notification included a lack of critical information such as the breach’s start date, the number of affected individuals, and details on how the breach occurred. This lack of transparency exacerbated the situation for victims, leaving them unaware of the full extent of the compromise.
According to the lawsuit, the compromised data could be sold on the dark web, putting affected individuals at risk of identity theft and fraud. Garite himself has reportedly experienced identity theft, including receiving a fraudulent letter from the IRS containing his Social Security number and tax information. The lawsuit seeks to hold Intuit accountable for its alleged failures and is filed on behalf of all U.S. residents affected by the breach.
The class action includes claims for negligence, breach of contract, invasion of privacy, and violations of California’s consumer protection laws. This legal action follows a previous settlement where Intuit agreed to pay $141 million over allegations of improper charges for TurboTax services.
Reference: