Tax filing software caught sending personal financial info to Meta: report
>
Several tax preparation services have been found sending sensitive financial information to Meta, including people’s income, application status, and even amounts won from college scholarships.
The information comes through a research report from The Markup (opens in new tab), who alleges that the implementation of Meta Pixel in tax reporting services led to inadvertent data collection by Meta.
Metapixel (opens in new tab) is a piece of Javascript code created by Meta that allows companies to track user activity as a way to measure “the effectiveness of [ads and the design]from their websites. It turned out that much more information than user activity was being sent, all without the user’s consent. Names of petitioners, dependents, email addresses and in some cases telephone numbers were among the leaked financial data. And it doesn’t matter if those users didn’t have an account on a platform owned by Meta. According to the report, Meta can still use this data to bolster its own advertising algorithm.
Google was also implicated in the report, but that situation seems less dire. A Google spokesperson states that the data collected is all jumbled and cannot be linked to a specific person.
Mixed messages
After reviewing the report and the various statements, there are many mixed messages coming from the companies. Actions do not match statements.
According to Meta’s own help center page (opens in new tab)does the tech giant prohibit other companies from forwarding financial data; however, information about people’s income was still being received. Tax filing services did give users the “option to refuse to share tax information,” but it didn’t matter because, again, the data was still being sent and received.
Several spokespersons said the tax reporting agencies they represent were unaware that Meta Pixel was sending so much information.
Now, however, several companies are changing the way they use the code. TaxAct, one of the services mentioned, will no longer send financial data to Meta, but will still send the names of dependents. Both TaxSlayer and Ramsey Solutions have removed the code from their websites. Others, such as H&R Block, continue to send information about “health savings accounts and college scholarships.”
The Markup questions these services’ claims that they were unaware that Meta Pixel was sending all this data. There is evidence, the report notes, suggesting that TaxAct purposely configured the Pixel code to include certain dollar amounts as “parameters to a custom event (opens in new tab),which allows them to be tracked. We contacted TaxAct and asked if it would make a statement on The Markup’s claim. This story will be updated if we hear anything.
Currently, there are no indications that the information collected has been misused. It is also unknown whether any of the companies involved will be fined. The Internal Revenue Service (IRS) has so far declined to comment on the situation, according to The Markup.
In trouble again
This isn’t the first time Meta Pixel has gotten its parent company or others into trouble. The tech giant is currently facing multiple lawsuits from across the United States (opens in new tab) about the Pixel code that is allegedly used to collect people’s health data and show them targeted ads. One complaint comes from Illinois, where it accuses Meta and attorney Aurora of “intercepting, accessing and disclosing … patient health information …”
We also asked Meta if it had a statement on The Markup’s report, and if there are any plans to change the Pixel code given the recent controversies. Again, we’ll update this story if we hear anything.
Be sure to check out the TechRadar guide at what to do if your tax information is stolen. While nothing malicious has been reported, it never hurts to be careful.