Income Tax
TurboTax Back Online After Questions About Fake State Tax Returns
TurboTax was forced to suspend electronic filing of all state income tax returns on February 5 after more than a dozen states sounded alarms about criminal hacks. However, it turns out that the program was not hacked.
Feb. 08, 2015
In news that made headlines on Friday, the company behind TurboTax – the the most-used do-it-yourself online income tax system in the U.S. – announced that it was forced to suspend electronic filing of all state income tax returns on February 5 after more than a dozen states sounded alarms about criminal hacks. However, it turns out that the program was not hacked.
The shutdown was short-lived. After about 24 hours, TurboTax’s parent company, California-based Intuit, said that it was back to business as usual for the online program, and for the millions of Americans that use the system.
Only State Income Taxes Affected
Notably, only state income tax returns were affected. The ban didn’t apply to any federal income tax returns. TurboTax immediately halted transmitting state e-filing tax returns when it became aware that criminals were attempting to use stolen personal information – such as Social Security numbers — to file fake returns via its products and collect refunds.
The Wall Street Journal reported that Utah tax officials indicated that 19 states have identified potential fraud issues. Alabama alone said that it has identified as many as 16,000 suspicious tax returns, while Minnesota announced that it wasn’t accepting individual tax returns through TurboTax until the issue is resolved. [Minnesota’s Department of Revenue announced Saturday that the issue is resolved to their satisfaction and the state is once again accepting TurboTax returns.] Massachusetts and Vermont placed a temporary hold on state income tax refunds to ensure that payments go to legitimate recipients.
The stoppage did not include any tax returns handled by professional tax preparers who use Intuit products.
Intuit wasted no time in addressing these issues. After working closely with Palantir, an independent firm providing security and anti-fraud services, the preliminary analysis was that the fraud attempts didn’t result from a security breach of its systems and that the information used to file fraudulent returns was obtained from other sources. But the parties are still investigating matters.
“We understand the role we play in this important industry issue and continuously monitor our systems in search of suspicious activity,” said Brad Smith, Intuit president and chief executive officer in a press release. “We’ve identified specific patterns of behavior where fraud is more likely to occur. We’re working with the states to share that information and remedy the situation quickly. We will continue to engage them on an ongoing basis in an effort to stop fraud before it gets started.”
TurboTax was likely an easy target because it is the most well-known online tax system, with variations of the system used to prepare 29 million tax returns last year. The software for the two next largest online providers, H&R Block and TaxAct, each was used to file about seven million self-prepared returns, tying for a distant second. Neither H&R Block nor TaxAct has acknowledged any incident of similar fraud issues to this point.
The attempts to file fraudulent tax returns through TurboTax comes close on the heels of reports of an invasion into the database of Anthem, the country’s second largest health insurer. At Anthem, the crooks infiltrated its database containing personal information of about 80 million customers and employees.
In addition, the IRS has continuously cautioned about ID theft and other fraudulent actions perpetrated by con artists. This problem isn’t new and it doesn’t appear to be going away anytime soon.
Customers who filed their state tax returns using Intuit products during the brief freeze will have their returns transmitted as soon as possible. Intuit says that these tax filers do not need to take any further action.