Intuit shares payroll data from 1.4 million small businesses with Equifax – Krebs on Security


Financial services giant intuition this week informed 1.4 million small businesses with his QuickBooks online payroll and Intuit online payroll Products that have their payroll information shared with the three major consumer credit bureaus Equifax from the end of this year, unless customers object by the end of this month.

According to Intuit, the change comes with an “exciting” and “free” new service that will give millions of small business employees easy access to employment and income verification services when applying for a loan or line of credit.

“In the early fall of 2021, your QuickBooks online payroll subscription will include an automated income and employment verification service powered by The work number from Equifax, ”read the Intuit email, which included a link to the new Terms of Use. “Your employees may need to review their income and employment information when applying for credit, credit, or government aid. Previously, you likely had to manually provide this information to lenders, creditors, or government agencies. These reviews are automated by The Work Number, which helps employees get approvals faster and saves you time. “

An Intuit spokesperson made it clear that the new service is not available through QuickBooks Online or to QuickBooks Online users as a whole. Intuit’s FAQ about the changes can be found here.

Equifax’s mega-break in 2017, which revealed the personal and financial data of 145.5 million Americans, may have shocked the public, but it did little to deter more than a million employers from Equifax continuing to keep their payroll data to sell. Bloomberg Found at the end of 2017.

“Workforce Solutions is now one of Equifax’s fastest growing businesses, contributing more than a fifth to the company’s $ 3.1 billion revenue last year,” wrote Jennifer Surane. “Using payroll data from government agencies and thousands of employers – including the vast majority of Fortune 500 companies – Equifax has, according to government records, cultivated a database of 300 million current and historical employment records.”

QuickBooks Online users Anthony Citrano Posted on Twitter about receiving the notice, noting that the upcoming changes in the financial or larger media arenas did not need to receive any attention.

“The way I read the terms and conditions, Equifax proactively collects all payroll data in case they need to pass it on later – much like they already handle credit reports,” said Citrano, founder and CEO of Acquicent, a company that gives non-fungible tokens ( NFTs). “And that feels like a catastrophe waiting to happen, especially given the history of Equifax.”

In selling payroll data to Equifax, Intuit joins some of the world’s largest payroll providers. For example, ADP – the largest payroll software provider in the United States – has long shared payroll data with Equifax.

However, Citrano said that Intuit’s move will involve a large number of fairly small businesses.

“ADP is already involved in some ways, but QuickBooks Online jumping on the bandwagon means many employees in small and medium-sized businesses will be affected,” he said.

Why should small businesses think twice before trusting Equifax with their payroll information? The answer is that the company doesn’t have a great track record of protecting this information.

In the days following the Equifax breach in 2017, KrebsOnSecurity pointed out that the job number makes it a little too easy for anyone to know your pay history. At that time, you only needed the social security number and date of birth to view a person’s entire work and salary history. It didn’t help that roughly half the US population was known to have both information in the possession of criminals behind the violation.

Equifax responded by deleting its Work Number website until it could accommodate additional authentication requests, saying anyone could opt out of Equifax disclosing their pay history.

Equifax security improvements included the addition of four multiple Guess questions, the answers of which were based on publicly available data. However, these requirements were easily circumvented, as evidenced by a previous violation in Equifax’s Labor Department.

The job number is a user paid check of the employment database carried out by. was created TALX Corp.A data broker acquired by Equifax in 2007 broke four months before the 2017 epic breach became public, KrebsOnSecurity broke the news that fraudsters who specialize in tax refund fraud had successfully the answers to these secret guessing questions to reset TALX account PINs, which then let them reset previous W- View 2 tax forms for employees of many Fortune 500 companies.

According to Intuit, affected customers who do not wish to include this new service will have to update their settings and opt out by July 31, 2021. Otherwise, they will be signed in automatically. According to Intuit, customers can opt out as follows:

1. Sign in to QuickBooks Online Payroll.

2. Go to Payroll Settings.

3. In the Shared Data section, select the pen and clear the check box.

4. Choose Save.


Leave A Reply