Intuit sued over alleged cryptocurrency thefts via Mailchimp intrusion

2022-04-25 22:15

Intuit is being sued in the US after a security failure at its Mailchimp email marketing business allegedly led to the theft of cryptocurrency from one or more digital wallets.

The lawsuit accuses Intuit and Rocket Science Group - a subsidiary that operates Mailchimp - of poor security practices, allowing this alleged heist to take place.

"The hackers were able to access the Trezor email list through Mailchimp and/or Intuit employee accounts," Levinson wrote in his 22-page lawsuit.

Intuit bought Mailchimp last fall for about $12 billion.

According to the lawsuit, this was also made possible because an Intuit staff apparently fell victim to a phishing attack in which they inadvertently handed over their internal credentials to one or more fraudsters.

In a statement to The Register earlier this month, Mailchimp CISO Siobhan Smyth said the company's security engineers first became aware of the security breach on March 26 when a miscreant accessed a tool used by customer-facing teams for customer support and account administration.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/25/intuit-mailchimp-cryptocurrency/

#cryptocurrency