Passwords Included with Many Happy Returns

TurboTax Tattles on 1099 One of the nicer aspects of tax preparation software is privacy -- it's just you, your checkbook and the IRS. A daunting enough prospect without worrying about anybody telling secrets out of school. Unfortunately, a glitch in TurboTax's 1099 import feature came close to spilling the beans. With the aim of making the investor's life easier, Intuit partnered with seven financial institutions -- Cititrade, Fidelity Investments, INVESCO Funds, Salomon Smith Barney, TD Waterhouse, T. Rowe Price, and The Vanguard Group -- to automate the importing of 1099 information (i.e., from the sale of stocks and other financial instruments) into TurboTax. But as late as April 4, both the TurboTax 2000 Windows and Web versions contained glitches that resulted in the user's brokerage

account password and/or PIN information being sent to Intuit, or stored (without the user's knowledge) on the computer's local hard drive. The bug affected TurboTax for the Web users who imported 1099 information before March 4, and TurboTax for Windows users who imported information between January 31 and March 4, and up to April 4 if they did not upgrade their software. TurboTax for Mac users are not at risk. Intuit Responds Intuit categorically states that any customer data sent them has not been "compromised," and all user account information "inadvertently and temporarily saved to Intuit's server" has been deleted, nor, claims Intuit, was any password or PIN information attached to the actual returns filed with the IRS or state agencies. Good enough, but if you don't consider your computer's hard drive a safe enough place to store unencrypted information, read on. Those who saved their TurboTax for the Web information to their hard drive (before March 4) should delete the file (the default pathname is \Windows\Temporary Internet Files\Content.Ie5\Kps00ewz\Tax2000[1].Tax), and then go to http://www.turbotax.com, open their existing account, and resave the information. TurboTax for Windows users should likewise download the upgrade and resave their returns using the same filename. This will overwrite the older file that contained the password information. Other Safeguards We emphasize again that this problem concerns only those TurboTax users who imported 1099 information under the conditions described above (which Intuit estimates to constitute approximately one percent of its users). Nevertheless, Intuit recommends that those users contact their respective financial institutions in order to confirm what other steps they can take to guarantee the security of their accounts. For example, according to James Gately, Managing Director of Direct Investor Services at The Vanguard Group, Vanguard has already disabled the passwords of shareholder members who utilized the 1099 import function. Vanguard members should have received a letter from the company describing the problem, the reasons for it, and how their passwords and PINs can be reset. Intuit has also created a web page that addresses this problem in depth, and includes a toll-free phone number for customers who have any questions or concerns. Note that this page cannot be accessed from TurboTax for Windows online support, and it does not come up in a site search. The URL must be entered directly. Letter From Vanguard to Their Customers Dear Voyager Client: Vanguard takes very seriously the security of our shareholders' personal account information. That is why we are writing to you today. Recently, Intuit informed Vanguard and its other six financial institution partners about a potential security issue within the TurboTax(R) software program. This issue has no impact on the accuracy of your 2000 tax return that you prepared using the software, and affects only those individuals who used the 1099 import process of Intuit's TurboTax software (either the web version or the CD-ROM version). The import process permits Vanguard shareholders, along with clients of the other six financial institutions, to import their 1099 information directly into the TurboTax product. During the 1099 import process, Intuit erroneously saved within the tax file your Vanguard.com password, as well as any of the other six financial institutions' passwords, you entered for the import process. This was due to a programming error in the TurboTax software and was recently corrected. Intuit has assured us that any saved passwords have been deleted. However, as a preventative measure, Vanguard has disabled the passwords of those shareholders who utilized the 1099 import function. To have your password reset, please contact us at 1-800-662-2739. While we recognize that this action may be inconvenient, Vanguard is committed to protecting the sensitive information of our shareholders. As such, we have taken this step as a necessary precaution to safeguarding your personal data. Additionally, if you are using the desktop application of the Intuit's TurboTax software, we strongly encourage you to update the version you are using currently.