IRS mistakenly published confidential info for roughly 120K taxpayers

The Internal Revenue Service (IRS) mistakenly leaked confidential information for approximately 120,000 taxpayers.

Bad news for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns, the Internal Revenue Service has accidentally leaked their confidential information.

Form 990-T is a form that a tax exempt organization files with the IRS to report its unrelated business income and to figure the tax owed on that income.

On Friday, the IRS announced it has accidentally leaked data for taxpayers’ IRAs that was not meant to be public. The Treasury said the issue was discovered on August 26 but didn’t reveal how long the confidential information had been publicly available.

“The IRS recently discovered that some machine-readable (XML) Form 990-T data made available for bulk download section on the Tax Exempt Organization Search (TEOS) should not have been made public. This section is primarily used by those with the ability to use machine-readable data; other more widely used sections of TEOS are unaffected.” reads the statement from the Internal Revenue Service. “The IRS took immediate steps to address this issue. The files have been removed from IRS.gov and will be replaced with updated files in the near future.” 

Exposed data included names, contact information, and reported income for those IRAs. Social security numbers, individual tax returns, and other sensitive data were not exposed.

“The disclosure didn’t include Social Security numbers, income figures or information that could harm an individual’s credit, the department said. Some published information included names and contact information.” reported Bloomberg. “The mistaken disclosure could also give Republicans to push for lower IRS funding if they were to win majorities in Congress in the midterm elections. They have criticized the provision in the Democrats’ Inflation Reduction Act, passed last month, that grants the agency $80 billion in additional funding over a decade.”

The Treasury announced that the IRS would contact all impacted individuals in the coming weeks.

“The IRS is continuing to review this situation,” Anna Canfield Roth, the Treasury’s acting assistant secretary for management, said in the letter. “The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IRS)

[adrotate banner=”5″]

[adrotate banner=”13″]