Intuit Sued Over Alleged Crypto Currency Thefts Via Mailchimp Intrusion

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

Intuit is being sued in the US after a security failure at its Mailchimp email marketing business allegedly led to the theft of cryptocurrency from one or more digital wallets.

In a proposed class-action lawsuit [PDF] filed in federal court in northern California on Friday, the plaintiff – Alan Levinson of Illinois – claimed he and potentially others fell victim to a sophisticated phishing attack in which their Trezor cryptocurrency wallets were unlawfully accessed and funds siphoned.

Someone earlier stole from Mailchimp details of Trezor’s mailing-list subscribers, and used this information to reach out to those users with an email engineered to trick them into installing malware designed to hijack their digital wallets. Levinson said he believes millions of dollars in crypto-coins were stolen in this attack, including $87,000 from his own wallet.

The lawsuit accuses Intuit and Rocket Science Group – a subsidiary that operates Mailchimp – of poor security practices, allowing this alleged heist to take place.

“The hackers were able to access the Trezor email list (and likely other insensitive information) through Mailchimp and/or Intuit employee accounts,” Levinson wrote in his 22-page lawsuit. “Indeed, defendants confirmed that hackers used an internal employee tool to steal data from more than 100 of their clients — with the data being used to mount phishing attacks on the users of cryptocurrency services.”

It’s said said Intuit “willfully, recklessly, or negligently” failed to put in place measures that would ensure people’s data was protected and keep such a breach

Read more

Explore the site

More from the blog

Latest News