H&R Block Data Breach Affects 23,067 Clients Exposing Social Security Numbers

HRB Tax Group, Inc., better known as H&R Block, experienced a significant data breach that exposed sensitive consumer information. The breach, which occurred on May 13, 2024, was discovered by the company on August 9, 2024.

A total of 23,067 individuals in the United States were affected by this breach, with specific impacts in states such as Texas (640 individuals), Maine (24 individuals), and Massachusetts (38 individuals).

The exposed information includes highly sensitive data such as:

• Social Security numbers
• Financial account information
• Driver’s license numbers

The breach was officially disclosed to various state attorney general offices in December 2024. For example, the Maine Attorney General's office received the disclosure on December 20, 2024, while the California Attorney General's office was notified on December 27, 2024. Similarly, the Massachusetts Attorney General's office was informed on December 27, 2024.

Consumers were notified of the breach via written U.S. mail on November 26, 2024. The breach’s severity is underscored by the type of information exposed, which could potentially lead to identity theft, financial fraud, and other risks for affected individuals.

HRB Tax Group's response

In response to the breach, HRB Tax Group, Inc. took steps to notify affected individuals promptly. Consumers were informed through written notices sent by U.S. mail, detailing the nature of the breach and the types of information that were exposed. Additionally, the company fulfilled its obligation to report the breach to multiple state attorney general offices, including Texas, California, Maine, and Massachusetts.

While specific details about how the breach occurred or what measures have been implemented to prevent future incidents were not disclosed, the company’s notification efforts demonstrate compliance with legal requirements for data breach reporting.

Steps to take if you are affected by the data breach

If you have been notified that your information was part of this breach, it is crucial to take immediate action to protect yourself. Here are some steps you should consider:

1. Monitor your financial accounts: Regularly check your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your financial institution immediately.
2. Place a fraud alert or credit freeze: Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert on your credit file. Alternatively, you can request a credit freeze to prevent new accounts from being opened in your name.
3. Review your credit report: Obtain a free copy of your credit report at AnnualCreditReport.com and review it for any unfamiliar accounts or inquiries.
4. Be cautious of phishing attempts: Scammers may use the exposed information to contact you via email, phone, or text. Avoid clicking on suspicious links or providing personal information to unknown parties.
5. Consider identity theft protection services: If offered by H&R Block or independently, enrolling in identity theft protection can provide additional monitoring and recovery assistance.

Taking these steps can help mitigate the risks associated with the exposure of sensitive information.