The Internal Revenue Service (IRS) identified “an inadvertent” leak of confidential information of about 120,000 individuals.
The disclosed data comes from machine-readable (XML) Form 990-T – the business tax return used by tax-exempt entities. This specific download section is usually used by those with the ability to use machine-readable data, meaning that other sections were not impacted by the leak.
The form is used to report and pay tax on income received from certain investments or income unrelated to their exempt purpose. Although such data is regularly disclosed for 501(c)(3) organizations (such as charities), in this instance, the information of a subset of non-501(c)(3)s was made public.
Based on the currently available details, the leaked data did not include Social Security numbers, individual income information, detailed financial account data, or other sensitive information that could impact a taxpayer’s credit. However, it did occasionally include individual names or business contact information.
“In accordance with FISMA guidance, additional details will be forthcoming within 30 days, including summaries of our detection, response and remediation activities,” the officials said in a breach notice.
According to the Wall Street Journal, the leak happened due to a coding mistake when nonpublic data was mistakenly included with the public data in the website’s download section. The breach was first discovered by an IRS research employee.
Following the incident, IRS removed the publicly accessible files and will replace them shortly. All impacted filers will be notified about the breach.
More from Cybernews:
Subscribe to our newsletter