A small number (approximately 150,000) of taxpayers are affected by a security glitch in the TurboTax software, according to reports from Intuit.
The problem, which has been corrected, occurred when users took advantage of a new TurboTax feature to automatically download investment data into their tax return preparation forms. The companies which have partnered with TurboTax to provide this service are Vanguard Group, Citigroup Investment Service's Cititrade Account, Fidelity Investments, Invesco Funds, Salomon Smith Barney, TD Waterhouse and T. Rowe Price.
If a taxpayer used the automatic download feature, a password PIN was stored with Intuit and this password was not protected with security encryption. A hacker could have been able to access the taxpayer's password and subsequently access the taxpayer's financial data with the investment company.
Intuit discovered the problem in early March and deleted the passwords from computer servers it at that time. The participating investment companies were notified and investors received information about the glitch as well as recommendations to change their passwords. Some of the companies, including Vanguard, immediately nullified passwords of all investors who had requested their data to be downloaded into their TurboTax tax return - those investors were required to create a new password.
TurboTax users are advised to download the current upgrade to the software before completing tax return preparation. The download is an automatic feature in the TurboTax software. To make sure your version is updated, choose Online, One-Click Updates from the TurboTax menu.