Intuit Suspends Turbo Tax e-Filing, Investigating Fraudulent Returns

Intuit last week temporarily suspended its Turbo Tax e-filing service following an increase in fraudulently filed state tax returns.

UPDATE: This story has been updated with commentary from Intuit.

Intuit last Thursday suspended its Turbo Tax e-filing service after a dramatic increase in suspicious filings and criminal attempts to leverage stolen identities in order to claim tax refunds. Intuit has since restored Turbo Tax and says it has no evidence suggesting that the fraudulent returns resulted from a breach of Intuit systems.

Turbo Tax is a popular online federal and state tax filing platform. Broadly speaking, the filing deadline for federal and most state-taxes is on or shortly after April 15. Many U.S. citizens begin receiving their tax-filing forms in January and February, which means that Intuit suspended Turbo Tax in the height of filing season.

Thursday’s suspension only affected users who had recently filed their state tax returns or those who attempted to file state returns during the downtime. Intuit did not stop transmitting federal returns.

On Friday, Intuit published a press release explaining that it was working with state agencies and the security firm Palantir to address growing concerns about tax fraud. In what Intuit described as a “precautionary step,” the company temporarily suspended its transmission of state tax returns.

Intuit claims that Palantir’s investigation of incidents revealed that the information used to file fraudulent returns was acquired from sources outside the tax preparations process.

“We understand the role we play in this important industry issue and continuously monitor our systems in search of suspicious activity,” said Brad Smith, Intuit president and chief executive officer. “We’ve identified specific patterns of behavior where fraud is more likely to occur. We’re working with the states to share that information and remedy the situation quickly. We will continue to engage them on an ongoing basis in an effort to stop fraud before it gets started.”

By Friday evening, Intuit had resumed transmitting state returns.

It’s not currently clear what led to the uptick in fraudulent tax returns, though there is no shortage of possibilities. First and foremost, there is the worst-case scenario that hackers compromised Intuit’s Turbo Tax service, though Intuit claims this is not the case. It’s entirely possible that the victim’s of this year’s fraud filed on malware infected computers last year and had their filing data monitored by a keylogger and ultimately stolen. Simpler yet, it’s possible that these tax-fraud victims were also the victim’s of password stealing malware that enabled the attackers to simply log into their Turbo Tax accounts. It’s also worth noting that vast stores of sensitive information have been stolen in various data breaches over the last year. Criminals could have used information from prior data breaches — not limited to Social Security numbers and shared credentials —  to fraudulently file state returns on behalf of their victims.

We’ve identified specific patterns of behavior where fraud is more likely to occur

What remains unclear at that moment is how the reported uptick in tax fraud has affected other e-filing services. USA Today is reporting that Turbo Tax’s primary competitor, H&R Block, has not seen an uptick in fraud and has no plans to suspend its service.

To combat further fraud, the company has implemented a multi-step authentication process that should help prevent fraudulent log-ins via weak or otherwise compromised passwords. They’ve also set up a dedicated toll free number to assist customers who believe they may have become the victims of tax fraud.

An Intuit spokesperson told Threatpost that tax fraud is an industry wide problem while offering the assurance “the privacy and security of [their] customers’ data is the top priority.”

Suggested articles


  • Chris on

    I think you mean Intuit. The Inuit are a Native American tribal group in Canada and Alaska.
  • Lance on

    My taxes were accepted on Feb. 8th I still have not gotten my netspend visa card with refund on it. I received an e-mail message saying $500. had been withdrawn at such and such bank on Feb 14th. I NEVER REIVED MY CARD. Also When I check status it says something about refund was deposited in the bank. I don't have a bank. Said maybe wrong routing number. I don't have a bank account, so WHERE is my refund?
  • Lance on

    I should have gotten my refund on a net spend card a while ago. I want to know where my money is. Where is my card?
  • Deb on

    I bought an Intuit Basic version of TurboTax and found Malware embedded it in. The Malware shut down my firewall and I lost control of my mouse and keyboard. Fortunately I was not connected to the internet at the time, because I'm paranoid. I bought TurboTax on CD at Walmart and the seal was intact. (I didn't want to download it because I thought that was a greater risk right now. Ha!) I've contacted the manufacturer, who has not yet responded and I've contacted someone I know at CRA, who has not responded yet either. I'll formally contact CRA right after this post. Any conspiracy theories? This disk is supposedly made in Canada and approved by CRA. The Malware in in the file that also contains a series of barcodes, not sure what else. I removed TurboTax immediately and didn't write down the name of the file. I will happily send the disk to either Intuit or CRA for investigation.
  • Carla Amsden on

    We had our Federal taxes filed for us using Turbo Tax by a cyber theif. Turbo tax claims no responsibility. We have used Turbo Tax for the last 7 years. We went to do our taxes last night and our log-on would not work. Tried to answer security questions. No luck. Called and finally talked with a person. You could tell by his tone we are not the only ones. Not only did someone use our info from Turbo tax, but Turbo Tax never sent any kind of email alerts to out email. Even after we had our log-on fixed we still had no idea we had been hacked. Turbo Tax let us file our 2014 taxes just like always. They even sent us an email saying our taxes had been completed. This morning we got an alert from Turbo Tax that the Federal tax had been denied. They still claim it was not them. We called the federal tax number. The federal tax people said our taxes had already been filed through Turbo Tax last month. They said they had used our last years information. We have had to file a police report and alert all of our credit cards. We have a credit protection alert already, but because they did our tax return we did not get an alert. Turbo Tax is responsible for the security breach and they need to own up to it. They have all our information. It will take months to get this fixed with the Fed tax dept if ever.
  • Rose on

    We switched to H&R Block this year. However, we used TurboTax the past several years. We were also rejected. The IRS person even asked how we did our taxes and mentioned turbotax had been breached at least twice. This is just a nightmare!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.