Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax accounts were breached in a credential stuffing attack. Credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and gain access to accounts at other sites. TurboTax users who had their accounts temporarily deactivated have to contact Intuit using the company’s Customer Care department at 1-800-944-8596 and say “Security”” when prompted.”
Source: https://www.bleepingcomputer.com/news/security/tax-returns-exposed-in-turbotax-credential-stuffing-attacks/