Intuit gets sued for a security failure that led to cryptocurrency theft

Intuit faces a lawsuit in the wake of a security failure at MailChimp that led to cryptocurrency theft from at least one wallet. Intuit acquired MailChimp last year for $12B. 

More: 

• The proposed class-action lawsuit was filed by plaintiff Alan Levinson of Illinois, claiming a total of $87,000 was stolen due to a sophisticated phishing attack on April 2. 
• The cryptocurrency wallets were attacked in an elaborate email phishing attack that installed malware, which hacked the wallets of several crypto investors. 
• The plaintiff accuses MailChimp of poor security practices that led the attackers to gain access to the Trezor email list. 
  • The hackers used internal employee tools to steal the data of more than 100 customers, the lawsuit states. 
  • Levinson says that Intuit "willfully, recklessly, or negligently" failed to protect and disclose the data breach to its clients.  
• Bad actors in the phishing scheme had emailed MailChimp clients stating that the company's data was compromised and that their crypto wallets were at risk. 
  • Levinson and others fell victim to this email message and believed that the email was legitimately from the company, but it came with a malware link. 
  • Intuit staff also fell victim to a phishing attack and handed over sensitive client data to the hacker. 

How to spot a phishing attack: 

• Always double-check the email URL and look for special characters. 
  • The email in this message said to click on a link to suite.trẹzor.com (notice the special ẹ character), which prompted users to download the new version of Trezor Desktop software.