Security flaw in Florida tax website exposed filers' sensitive data

After a security incident, some Florida residents may be keeping a close watch on their finances. Hundreds of people's bank account and Social Security numbers were exposed by a flaw in the Florida Department of Revenue website, according to researcher Kamran Mohsin. If you changed the digits in the link on the state business tax registration website, you could modify and even remove personal data from it.

At the time of the discovery, the Department had over 703,000 applications. The flaw was brought to the Department's attention by Mohsin.

The flaw was fixed by the government within four days of the report, and two firms found the site secure. She didn't say how officials might have spotted misuse of the flaw. A year of free credit monitoring was offered by the agency after they contacted every affected taxpayer.

These types of bugs are easy to fix. The damage may be limited compared to other tax-related breeches, such as the healthcare.gov intrusion. Even a small exposure like this could be used to commit tax fraud and steal refunds.