I imagine that, like me, many of my fellow Kossacks use TurboTax. I offer this as a cautionary tale. I believe at minimum that TurboTax demonstrably does not follow basic common-sense data protocols in processing returns, and that there is a distinct possibility of a data breach extending beyond the widely reported recent issue involving the filing of fraudulent state tax returns.
I know for sure that Mrs. E's and my identities have been stolen.
Please follow me over the orange process map of touch-tone automated customer support.
So last night, when I tried to e-file Mrs. E's and my joint income tax return on TurboTax, the IRS system rejected my return because a previous return was filed using the same SSN. When I called the TurboTax Security line, they informed me that a return had been filed, via Turbotax, on February 24 -- a joint return with both Mrs. E's and my information.
Now, I had begun working on our own return in mid-February. This means, at minimum, the TurboTax system allowed for two separate returns with the same SSNs to be open and in process at the same time -- something I would like to have thought would be impossible. Further, given that the return had both my wife's and my information, that Mrs E. and I do not share the same last name (irl), and the return was filed in close proximity to when I had worked on mine, I would guess there is a decent chance that my info was accessed via TurboTax itself.
Other than confirming TurboTax's negligent data management practices, the Security Hotline was fairly useless. All they could do was email me a regurgitation of TurboTax's online help for identity theft victims. When I asked how do I escalate the problem so that TurboTax would, you know, investigate the fraud perpetrated through their own system, the poor contract call center person and her supervisor could only give me an email address, which was, wait for it...
wecare@intuit.com
Ha. Ha. Ha. Good one.
I have since begun the various steps to countering identity theft: paper filing with the IRS with affidavit of ID theft attached; FTC report; local police report; fraud alert at the credit bureaus, etc.
But it's pretty clear that TurboTax could not care less. The form email sent by their security center makes this ass-covering statement:
Unfortunately, identity thieves steal names and Social Security numbers outside of the tax filing process and then use tax software such as TurboTax to file fraudulent tax returns. Under these circumstances, both consumers like you and tax software companies, like TurboTax, become victims of these fraudsters
In this case, however, that fraudulent tax return was filed via TurboTax at the same time that an active return with the same SSNs was in progress. A basic failure on their part to implement even a minimal safety precaution.
The email goes on to say:
The IRS will most likely issue you a six digit PIN number that will be required for you to e-file next year. I want to let you know TurboTax will be here for you when and if you choose to e-file your return next year. We are able to use that PIN number to help secure your identity in next year's filing.
Not bloody likely, at this point.
Be careful out there, y'all!