Tax Filing Websites Caught Sending Users’ Financial Data to Facebook

From ExtremeTech: Filing your taxes is already stressful enough without the worry that your data will end up in the wrong hands. Thanks to several tax websites’ newly-discovered data sharing practices, this concern is likely to be prevalent during the 2023 tax filing season. H&R Block, TaxAct, and TaxSlayer have been found to send users’ financial data to none other than Facebook.

The three websites—which together help more than 25 million Americans file their taxes annually—use Meta’s JavaScript code (called “Meta Pixel”) to capture user data and send it Facebook’s way, according to the nonprofit tech investigations newsletter The Markup. H&R Block, one of the country’s most recognizable tax filing firms, was found using Meta Pixel to obtain users’ health savings account usage data as well as dependents’ college expense information. TaxAct was caught using the code to track users’ filing status, dependents, adjusted gross income, and refund totals. TaxAct appears to have lazily attempted to anonymize this data by scrambling dependent names and rounding income and refunds to the nearest thousand and hundred respectively; however, The Markup found the former obfuscation to be easily reversible.

TaxSlayer appears to have used Meta Pixel to capture the most detailed user information. Using a “Meta Pixel Inspector” it developed earlier this year, The Markup found that TaxSlayer habitually gathered users’ names, phone numbers, and dependent names. A specific form of TaxSlayer incorporated into personal finance celebrity Dave Ramsey’s websites also obtained users’ income and refund totals. When The Markup asked Ramsey Solutions about its use of Meta Pixel, the company said it hadn’t known about the code’s data-grabbing element and allegedly removed it from its sites. TaxAct similarly stopped capturing users’ financial data but continued to record dependents’ names.

View: Full Article