"IRS Leaks 120,000 Taxpayers' Personal Details"

The US Internal Revenue Service (IRS) accidentally posted sensitive taxpayer data to its site, potentially putting those affected at risk of follow-on fraud.  The IRS noted that the problem stemmed from the machine-readable (XML) Form 990-T.  Form 990-T is the business tax return used by tax-exempt entities, including tax-exempt organizations, government entities, and retirement accounts, to report and pay income tax on income that is generated from certain investments or income unrelated to their exempt purpose.  The IRS stated that it is required to publicly disclose this information for 501(c)(3) organizations; however, similar information was inadvertently published for a subset of non-501(c)(3)s, which are not subject to public disclosure.  A letter from the IRS to Congress noted that individual business names and business contact information were leaked in the privacy snafu.  An estimated 120,000 individuals were impacted, passing the 100,000 figure, which requires notification to lawmakers.  The IRS noted that data affected by the leak did not include Social Security numbers, individual income information, detailed financial account data, or other sensitive information that could impact a taxpayer’s credit.  However, it was reportedly left publicly available for a year and resulted from a coding error that went undetected for months until an employee spotted the mistake.  The IRS noted that it took immediate steps to address this issue and that the files have been removed from IRS.gov.

Infosecurity reports: "IRS Leaks 120,000 Taxpayers' Personal Details"