Intuit Sued After Hackers Stole Crypto from Customers

A class-action lawsuit was filed against Intuit, a software company, after its email marketing service was hacked and cyber criminals stole cryptocurrencies from Trezor users.

The hackers deployed a phishing attack on March 26 and gained entry into the crypto wallets that are sold by Trezor, a Czech company, according to a federal lawsuit filed in the U.S. District Court, Northern District of California in San Jose, California.

The lawsuit blames Intuit and Rocket Science Group LLC, a subsidiary which operates Mailchimp, but not Trezor. The lawsuit was filed by Alan Levinson, an Illinois man who said $87,000 worth of cryptocurrencies were stolen by hackers from the account.

Intuit is accused of “failing to take adequate and reasonable measures to ensure that its data systems were protected” for Trezor account holders. 

Mailchimp’s email accounts were allegedly accessed by the hackers when an employee clicked on a malicious link, the lawsuit said.

The hackers reportedly gained access when one of its employees clicked on a malicious link in an email, according to the suit.

Intuit’s spokesperson declined to comment. The company said its security team learned about a bad actor on March 26 attempting to access an internal tool used by employees for customer support and account administration, according to a blog post written Siobhan Smyth, chief information security officer at Mailchimp.

“The incident was propagated by a bad actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” she wrote.

Mailchimp said its internal investigation revealed that 319 Mailchimp accounts were viewed and “audience data was exported from 102 of those accounts,” Smyth wrote. “Our findings show that this was a targeted incident focused on users in industries related to cryptocurrency and finance.”

Previous Post Next Post