The IRS (Internal Revenue Service) on Friday acknowledged that it accidentally exposed the confidential data of 120,000 taxpayers. The data was posted on its website for a year before an IRS researcher recently discovered the error and the data was removed from its website.
The accidentally leaked data did not include any include Social Security numbers, detailed account-holder information, or individual income tax returns (Forms 1040), the IRS said in a statement.
However, it included information from Form 990-T, which is used by tax-exempt organizations, government entities, and retirement accounts, to report and pay income tax on income that is generated from certain investments or income unrelated to their exempt purpose. In some instances, the data included individual names or business contact information.
The IRS is required to publicly disclose this information for only 501(c)(3) organizations. However, an error mistakenly resulted in data from some machine-readable (XML) Form 990-T for non-501(c)(3)s also being made available for bulk download via the Tax Exempt Organization Search (TEOS) tool on its website, which is not subject to public disclosure, the agency said.
“The IRS took immediate steps to address this issue. The files have been removed from IRS.gov and will be replaced with updated files in the near future. In addition, the IRS also will be working with groups that routinely use the files to remove the erroneous files and replace them with the correct versions as they become available,” the IRS said in a statement.
“The IRS will contact all impacted filers in the coming weeks. The IRS is continuing to review this situation.”
The incident was first reported by the Wall Street Journal, which was able to download at least some of the exposed data before its removal. The publication determined that the leaked data included people’s income within their IRAs too, which has not been confirmed by the IRS in its statement.
The Journal reported that the Treasury Department has planned to inform “key members of Congress” about the accidental disclosure.
“The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures,” Anna Canfield Roth, the Treasury Department’s acting assistant secretary for management, told lawmakers in Friday’s letter.