HRB Tax Group, Inc., better known as H&R Block, experienced a significant data breach that exposed sensitive consumer information. The breach, which occurred on May 13, 2024, was discovered by the company on August 9, 2024.
A total of 23,067 individuals in the United States were affected by this breach, with specific impacts in states such as Texas (640 individuals), Maine (24 individuals), and Massachusetts (38 individuals).
The exposed information includes highly sensitive data such as:
The breach was officially disclosed to various state attorney general offices in December 2024. For example, the Maine Attorney General's office received the disclosure on December 20, 2024, while the California Attorney General's office was notified on December 27, 2024. Similarly, the Massachusetts Attorney General's office was informed on December 27, 2024.
Consumers were notified of the breach via written U.S. mail on November 26, 2024. The breach’s severity is underscored by the type of information exposed, which could potentially lead to identity theft, financial fraud, and other risks for affected individuals.
In response to the breach, HRB Tax Group, Inc. took steps to notify affected individuals promptly. Consumers were informed through written notices sent by U.S. mail, detailing the nature of the breach and the types of information that were exposed. Additionally, the company fulfilled its obligation to report the breach to multiple state attorney general offices, including Texas, California, Maine, and Massachusetts.
While specific details about how the breach occurred or what measures have been implemented to prevent future incidents were not disclosed, the company’s notification efforts demonstrate compliance with legal requirements for data breach reporting.
If you have been notified that your information was part of this breach, it is crucial to take immediate action to protect yourself. Here are some steps you should consider:
Taking these steps can help mitigate the risks associated with the exposure of sensitive information.