Alert! IRS Data Breach Compromises Sensitive Info of 112,000 Taxpayers

According to a report by Bloombergtax on December 16, 2022, Internal Revenue Service (IRS) in the United States has announced that confidential data belonging to around 112,000 taxpayers was inadvertently published online in late November.

The data, in the form of Form 990-T, was meant to be private but had been taken offline. However, a contractor working for the IRS accidentally uploaded an old file that still contained most of the private data.

The agency Is required to make Form 990-Ts filed by non-profit groups available online but is supposed to keep the form filed by individuals private.

In September, an internal programming error caused the release of private forms along with those filed by non-profits. This time, the contractor reuploaded the older file with the original data instead of a new file that filtered out the forms that needed to be kept private.

The IRS shared corrected data with the contractor on November 23, but the old files had not been removed from their system.

A third-party researcher alerted the IRS that the files were back online on December 1 and the IRS ordered the contractor to take them down immediately. Approximately 98% of the forms that were disclosed in September, a total of 104,000, have been disclosed again this time.

While credit-sensitive information such as Social Security numbers was not disclosed in the data, which was identical to what was accidentally released the first time, some forms did contain names or business contact information that should have remained private. The IRS is in the process of contacting those impacted by the release.

The agency is reportedly reconsidering its relationship with the contractor Accenture on this project. A spokesperson for Accenture could not be reached for comment. The IRS is reviewing the situation to identify opportunities to establish additional controls and strengthen existing controls to protect taxpayer information.