By Mimi Nguyen Ly
The Internal Revenue Service (IRS) said on Friday it accidentally exposed but has since removed the confidential financial information of about 120,000 taxpayers.
In a letter to Homeland Security Chairman Rep. Bennie Thompson (D-Miss.), Treasury Department acting Assistant Secretary for Management Anna Canfield Roth wrote that the IRS “recently identified an inadvertent and now-corrected disclosure of a subset of Forms 990-T,” and that “the inadvertent disclosure included limited information for approximately 120,000 individuals.”
Form 990-T (pdf) is the business tax return form used by tax-exempt entities to report business income or investments that are unrelated to their exempt purpose. Tax-exempt entities include certain organizations, government entities, and retirement accounts. Individuals who use this form mainly include people whose individual retirement accounts (IRAs) have investments, including in real estate or other assets, that generate income.
While the IRS is required to publicly disclose the Form 990-T for 501(c)(3) organizations, Roth said on Friday that some Form 990-T data were “inadvertently published for a subset of non-501(c)(3)s, which are not subject to public disclosure.”
Specifically, the agency found that “some machine-readable (XML) Form 990-T data made available for bulk download on the Tax Exempt Organization Search (TEOS) should not have been made public.” The section is mainly used by people with the ability to use machine-readable data. Other more widely-used sections of TEOS were unaffected, Roth told Thompson.
The IRS “took immediate steps” and “removed the errant files from IRS.gov.” It “will replace them with updated files in the next few weeks,” Roth said on Friday.
She noted that the disclosure included “limited information” for the 120,000 individuals, adding that in some instances, the data “did include individual names or business contact information.”
According to the Wall Street Journal, which first reported on the disclosure, the data also included financial information about income within people’s IRAs.
“However, the data did not include Social Security numbers, individual income information, detailed financial account data, or other sensitive information that could impact a taxpayer’s credit,” she wrote.
The IRS is “continuing to review this situation” and has been instructed by the Treasury Department to “conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”
She said that more details will come within the next 30 days, including summaries of the IRS’s response to the disclosure.