TurboTax Hack: Intuit Says There Was No Data Breach, Users Are Not at Risk

TurboTax parent company Intuit said Monday that it did not suffer a data breach that resulted in a third party gaining access to the personal information of users. The company shared the statement Monday, after a blog post was released earlier in the day claiming that the company had suffered a breach.

"A recent blog post referencing a data breach of Intuit is inaccurate. The document referenced in the blog post was a notification to a state that a customer's account experienced unauthorized access by a third party using legitimate log-in credentials that Intuit believes were obtained from sources outside the company," read the statement from Intuit.

TurboTax logo on screen
Kimberly White/Getty Images for TurboTax

Intuit is a software company that mainly works with financial products that allow users to easily complete and file their taxes online. QuickBooks and Mint are also with Intuit.

The post claiming that the company had suffered a breach was published on the website Dark Reading, and cited a disclosure letter that was filed in Vermont. That letter, while it was filed, was actually notifying the state of Vermont that a user profile had been accessed, not due to a breach, but instead with the user's actual credentials. "The individual's account login information may have been acquired from any number of sources outside of Intuit," said Intuit on Monday.

The company used its support Twitter account Monday to respond to people sharing the Dark Reading blog post.

"In instances of unauthorized account access Intuit conducts an investigation and takes steps to secure our customers' account and information. A part of this process is notification to a customer of unauthorized access to their account and to select states," read the statement from Intuit, adding that the protection of its customers was its "top priority."

Intuit did not immediately respond to Newsweek's request for comment.

TurboTax Hack: Intuit Says There Was No Data Breach, Users Are Not at Risk | U.S.