Search This Blog

Powered by Blogger.

Blog Archive

Labels

IRS Accidentally Published Private Data of Nearly 120,000 Taxpayers

Private details of nearly 120,000 taxpayers exposed to non-profits and tax-exempt entities owing to a human error.

 

The Internal Revenue Service confirmed last week that it had accidentally exposed data for taxpayers’ IRAs to some non-profits and other tax-exempt entities, following a Wall Street Journal report that stated approximately 120,000 taxpayers who filed a form 990-T may have been impacted by the error.

Form 990-T is used for reporting 'unrelated business income' paid to a tax-exempt organization, such as nonprofits (charities) or IRA and SEP retirement accounts. The income is commonly generated from sales unrelated to a nonprofit's primary motive or real estate investments that pay income into an individual retirement account. 

According to the Treasury Department, only 501(c)(3) organizations are bound to make their Form 990-T available for public inspection. But in this case, a human coding error resulted in data from some non-501(c)(3)s also being made available for bulk download through the IRS' search portal for tax-exempt organizations. 

The Washington-based department stated the data leak was unearthed on August 26 but didn’t disclose how long the confidential information had been publicly available. Exposed data included names, contact details, and reported income for those IRAs. However, social security numbers, individual tax returns, and other sensitive data were not leaked. 

“The IRS recently discovered that some machine-readable (XML) Form 990-T data made available for the bulk download section on the Tax Exempt Organization Search (TEOS) should not have been made public. This section is primarily used by those with the ability to use machine-readable data; other more widely used sections of TEOS are unaffected.” Anna Canfield Roth, the Treasury’s acting assistant secretary for management, said in the letter. 

The Treasury announced that the data has been removed from the website, and the agency will replace them with the correct documents in the coming weeks. The IRS also plans to contact all the impacted taxpayers. Additionally, the IRS will notify Congress as it is bound to inform of any security incident involving more than 100,000 individuals under the Federal Information Security Modernization Act. 

“The IRS took immediate steps to address this issue. The files have been removed from IRS.gov and will be replaced with updated files in the near future. The IRS is continuing to review this situation. The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures,” Roth further stated.
Share it:

Data Breach

Data Leak

data security

IRS

Taxes

Taxpayers