State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

TurboTax

Original Release Date: 3/4/2019

Summary

TurboTax customer tax return information has been exposed via a credential stuffing attack. In this attack, the networks of TurboTax were not compromised; instead, threat actors used username and password combinations from previous non-TurboTax security breaches to gain access to customer accounts. Any information disclosed on their tax return, such as Social Security number, date of birth, financial information, and any spouse and dependent information was available for the threat actor and can easily be used to commit identity theft. This incident is another reminder of the dangers of password reuse across multiple accounts. TurboTax temporarily disabled affected accounts; customers can call 1-800-944-8596 to verify their identity and reactivate their account. TurboTax is also offering a year of free identity protection, credit monitoring, and identity restoration services to impacted customers.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.