From cnet.com
Hackers accessed tax return information stored with TurboTax using a stolen password from a third party, an Intuit spokesman said Monday.
The attack, earlier reported in Dark Reading, didn’t breach the internal systems at Intuit, which owns TurboTax. Instead, attackers took lists of passwords stolen from other services and used them to try to log in to TurboTax accounts, the spokesman said. There, valuable personal information, such as Social Security numbers, names and addresses, is stored in tax returns.
Only one account was accessed, the TurboTax spokesman said. The account was of a customer in Vermont.