IRS Data Leak Exposes Personal Info of 120,000 Taxpayers

The Internal Revenue Service has accidentally leaked confidential information for approximately 120,000 taxpayers who filed a form 990-T as part of their tax returns.

IRS Form 990T is used to report ‘unrelated business income’ paid to a tax-exempt entity, such as nonprofits (charities) or IRA and SEP retirement accounts.

Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?

This income is commonly derived from sales unrelated to a nonprofit’s core purpose or real estate investments that pay income into an individual retirement account.

For regular taxpayers, these forms are meant to be confidential and seen only by the IRS. However, for nonprofits, a Form 990-T must be available for public inspection for three years.

On Friday, the IRS disclosed that in addition to sharing Form 990-T data for charities, they also accidentally included data for taxpayers’ IRAs that was not meant to be public. 

“The IRS recently discovered that some machine-readable (XML) Form 990-T data made available for bulk download section on the Tax Exempt Organization Search (TEOS) should not have been made public,” the IRS disclosed on Friday.

Also Read: How Does Ransomware Work? Examples and Defense Tips

“This section is primarily used by those with the ability to use machine-readable data; other more widely used sections of TEOS are unaffected.”

The Wall Street Journal reports that the data leak exposed info for approximately 120,000 taxpayers and included names, contact information, and reported income for those IRAs. However, the IRS states that the data did not include social security numbers, individual tax returns, or detailed account-holder information.

According to the Wall Street Journal, an IRS research employee discovered the data leak, which triggered a report to Congress on Friday.

The IRS states that the data has been removed and that they will send notifications to affected taxpayers in the coming weeks.