TurboTax News TurboTax is Secured Against the “Heartbleed” Internet Vulnerability Read the Article Open Share Drawer Share this:Click to share on Facebook (Opens in new window)Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Pinterest (Opens in new window)Click to print (Opens in new window) Written by TurboTaxBlogTeam Published Apr 9, 2014 - [Updated Sep 7, 2017] 2 min read Updated 4/11/14 (12:05 pm PST) The article below has been updated with the latest recent information from our engineers. A security flaw has been discovered in the popular OpenSSL cryptographic software library that is used by up to two thirds of the Internet, called Heartbleed. TurboTax engineers have verified TurboTax is not affected by “Heartbleed.” You can be confident that TurboTax websites are secure and your personal and financial information is safe. You can file your tax return today with confidence. Safeguarding our customers’ data is our top priority. We continuously monitor our systems to improve our security capabilities in service to our customers. Even though TurboTax was not vulnerable, we have taken additional security precautions to protect the security and privacy of customers’ personal and financial information. The IRS continues to accept tax returns as normal and has stated that their systems continue operating and are not affected by this bug. The IRS advises taxpayers to continue filing their tax returns as they normally would in advance of the April 15 tax deadline. Frequently Asked Questions Here are answers to questions you may have: Should I file today? Or wait? TurboTax is safe to use and you can file today. There’s no reason to wait. Our engineers have verified TurboTax is not affected by “Heartbleed.” Do I need to change my password? You can update your password at any time, although we are not proactively advising you to do so. Online tools/websites show that your sites are failing the security grade, so are you OK? Our engineers have verified TurboTax is not affected by “Heartbleed”. Even though we were not vulnerable, and had no need to do so, we decided to rotate the certificates on our key tax sites to help address some of your concerns and clear up the confusion. That effort has been completed. We have changed the certificates on turbotax.intuit.com (the front door to all of our turbotax applications) and accounts.intuit.com (where we manage your usernames/passwords). If you visit those sites and examine the details of the certificate in your browser, you will see issue dates of April 9th, 2014 – which indicates that the certificates are brand new. Can you confirm that you were never vulnerable to begin with? We continuously monitor our systems and have no indication that TurboTax.com was ever vulnerable. Earlier this week, we did patch a couple of support services to protect against the Heartbleed security vulnerability. We’re confident that TurboTax is safe to use. The fact is, the vast majority of our servers do not use the version of SSL that was vulnerable to Heartbleed. Previous Post TurboTax and Sprintax Now Make Filing Easier for Non-Resident Taxpayers Next Post New TurboTax Mobile App Lets Users Move Seamlessly Across Devices Written by TurboTaxBlogTeam More from TurboTaxBlogTeam 74 responses to “TurboTax is Secured Against the “Heartbleed” Internet Vulnerability” « Older Comments Does this statement also apply to Turbotax Canada? Reply I used turbotax.ca and I used my brand new credit card to do my taxes in early march. No other internet site has my credit information. Last week someone charged up alot of stuff luckily my bank caught it. Reply I used turbo tax last year, for the first time. This year, I went to file our taxes through Turbo Tax, only to have them tell me our taxes had be already been filed three weeks earlier. I called, and sure enough, someone had used my husband’s SS# to file taxes in his name, using his phone number (except for changing the last digit) and having it sent to a home in Fullerton, CA. We have lived all our lives in Louisiana, and have always filed married/jointly. This person filed single. The fact that it was a different state, different filing status, WAY different email address (which, in itself indicates suspicion because it was so strange: govatyjutisu@hotmail.com . . . REALLY???) NONE of that raised a flag with Turbo Tax. This was obviously a scam, as our refund was mailed to a house that is up for sale in CA. I will NEVER use Turbo Tax again. I will only use the IRS site, using fillable forms, printing them out and mailing them in. I’m done and totally disgusted by this…not to mention paranoid. Reply I filed through Turbo Tax software i purchased, I live in Ontario. I chose the option to have turbotax netfile my return to CRA. Even though turbo tax is saying they have not been affected, is it still possible that my info could have been compromised with the CRA’s website or Netfile? Reply Had issues purchasing the product online that required me to spend 45 mins on hold and then the live TurboxTax rep solved it quickly. Then Spent another 45 mins on hold another day due to issue with TurboTax handling me working in one state and living in another. Then when I filed my taxes, TurboTax would not take my credit card. Had to pay the $34.99 to take it out of my bank account. Been using TurboTax for years now. Quality was definately off this year. I hope they improve next year or I will need to look for an an alternative to TurboTax. Reply So, if you are so confident that our tax returns will be safe using TurboTax, then do what Lifelock does and guarantee that our data is safe and secure with a $1 Million guarantee. We’ll wait for your response……. Reply Until Intuit identifies what customer information was on the affected services we have no choice but to assume everything passed to them in the past 2 years was vulnerable to compromise. Reply « Older Comments Leave a ReplyCancel reply Browse Related Articles Latest News How to File Taxes for Free with TurboTax Mobile App Offer Business Taxes Meet Robin Life Meet Drew Latest News President Trump’s Tax Proposals: Overtime Tax, Taxes on Tips, and Tax Cuts and Jobs Act Extension and More Business Taxes Small Business Taxes: Expert Advice for Filing Your Return Income Tax by State Arizona State Income Tax in 2025: A Guide Income Tax by State Nevada State Income Tax in 2025: A Guide Income Tax by State Alabama State Income Tax in 2025: A Guide Income Tax by State Alaska State Income Tax in 2025: A Guide Income How a TikTok Shutdown Could Affect Creator Income and Taxes
I used turbotax.ca and I used my brand new credit card to do my taxes in early march. No other internet site has my credit information. Last week someone charged up alot of stuff luckily my bank caught it. Reply
I used turbo tax last year, for the first time. This year, I went to file our taxes through Turbo Tax, only to have them tell me our taxes had be already been filed three weeks earlier. I called, and sure enough, someone had used my husband’s SS# to file taxes in his name, using his phone number (except for changing the last digit) and having it sent to a home in Fullerton, CA. We have lived all our lives in Louisiana, and have always filed married/jointly. This person filed single. The fact that it was a different state, different filing status, WAY different email address (which, in itself indicates suspicion because it was so strange: govatyjutisu@hotmail.com . . . REALLY???) NONE of that raised a flag with Turbo Tax. This was obviously a scam, as our refund was mailed to a house that is up for sale in CA. I will NEVER use Turbo Tax again. I will only use the IRS site, using fillable forms, printing them out and mailing them in. I’m done and totally disgusted by this…not to mention paranoid. Reply
I filed through Turbo Tax software i purchased, I live in Ontario. I chose the option to have turbotax netfile my return to CRA. Even though turbo tax is saying they have not been affected, is it still possible that my info could have been compromised with the CRA’s website or Netfile? Reply
Had issues purchasing the product online that required me to spend 45 mins on hold and then the live TurboxTax rep solved it quickly. Then Spent another 45 mins on hold another day due to issue with TurboTax handling me working in one state and living in another. Then when I filed my taxes, TurboTax would not take my credit card. Had to pay the $34.99 to take it out of my bank account. Been using TurboTax for years now. Quality was definately off this year. I hope they improve next year or I will need to look for an an alternative to TurboTax. Reply
So, if you are so confident that our tax returns will be safe using TurboTax, then do what Lifelock does and guarantee that our data is safe and secure with a $1 Million guarantee. We’ll wait for your response……. Reply
Until Intuit identifies what customer information was on the affected services we have no choice but to assume everything passed to them in the past 2 years was vulnerable to compromise. Reply