IRS Says It Accidentally Exposed Confidential Taxpayer Data

The IRS has stated that it inadvertently posted the confidential information of 120,000 individuals to a public website before discovering the error.

The Wall Street Journal reports that the IRS recently stated that it accidentally posted what is usually confidential information involving approximately 120,000 individuals before discovering the error and removing the information from its website. The data comes from Form 990-T, which is often required for people with individual retirement accounts who earn certain types of business incomes relating to those retirement plans.

Those using Form 990-T usually includes peoples whose IRAs are invested in master limited partnerships real estate, or other income-generating assets. The details on Form 990-T usually include names, contact information, and financial information about income.

The form’s did not include Social Security numbers, full individual income information, or other data that could affect a taxpayer’s credit, according to the Treasury Department. The administration is also reportedly sending key members to Congress on Friday to discuss the leak.

The forms are meant to be confidential like most individual tax filings to the IRS, but charities are also required to file Form 990-T and those filings are meant to be open to the public. The IRS and Treasury Department blamed the issue on a human coding error that happened last year when Form 990-T began to be electronically filed.

The non-public data was accidentally included with the public data and was available for searching and downloading on the agency’s website. The Wall Street Journal, which regularly analyzes nonprofit tax filings, downloaded some of the data before its removal.

Anna Canfield Roth, the Treasury Department’s acting assistant secretary for management, told lawmakers in a letter on Friday: “The IRS is continuing to review this situation. The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”