HARTFORD (AP) — In the latest update to information concerning a major data breach of Anthem Inc that may have compromised personal information of millions of its customers across the state, Connecticut’s tax commissioner is urging taxpayers expecting federal or state income tax refunds who may be affected by the Anthem data breach to file their taxes quickly.

Kevin Sullivan, head of the Connecticut Department of Revenue Services, said the personally identifiable information apparently hacked at the Anthem health insurance company “is exactly what tax fraud thieves use to make false refund claims that appear to be legitimate.”

Connecticut officials said about 1.14 million people in the state, including more than 180,000 state employees and retirees, are covered by Anthem and may have been affected by the data breach. Anthem is the largest insurer in the state.

Mr Sullivan also warned taxpayers using Turbo Tax to be aware of fake emails seeking personal information to ultimately steal tax refunds.

“Never, ever reply to online inquiries like this without first confirming directly with Turbo Tax or its parent company, Intuit, that the email is legitimate,” he warned.

Turbo tax users concerned about the security of their information may call a dedicated toll free number at intuit at 800-944-8596.

News of the breach was made public on February 5, when Connecticut Attorney General George Jepsen and state Department of Consumer Protection Commissioner Jonathan A. Harris sent a letter to the Indiana-based health insurer about the reported breach.

AG Jepsen and Commissioner Harris immediately advised all Connecticut residents who may be affected by the breach to report any suspicious activity on their credit report or other financial accounts to law enforcement authorities immediately. Suspicious activity can also be reported to the Office of the Attorney General’s Privacy Task Force by emailing attorney.general@ct.gov or calling 860-808-5318.

The following day, Anthem issued an announcement that customers who may have been impacted by the cyber attack should be aware of scam email campaigns that are also targeting current and former Anthem members.

Anthem has reported that customer information going back at least five years may be part of the data breach.