IRS Accidentally Exposed Tens of Thousands of Social Security Numbers
The Internal Revenue Service has reportedly posted the Social Security numbers of tens of thousands of people on the Internet before taking down the information when a whistleblower pointed out the mistake.
The Web site Public.Resource.org, which specializes in posting government documents in the public domain, discovered the privacy breach and promptly alerted the IRS, as well as the Treasury Inspector General for Tax Administration. This organization found the IRS had posted a database containing the filings of Section 527 political organizations such as campaign committees. “This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers and citizens,” he wrote. “While the public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible), the failure to remove individual Social Security Numbers is an extraordinarily reckless act.”
This site discovered the privacy breach on July 2 and notified TIGTA, documented its findings in an audit document, and sent copies to IRS officials and senior White House officials. On July 3 the administration removed the database from public view.
Public Resource.Org uncovered the data during an unrelated audit after the IRS notified the site last month that it had sent out an improperly vetted shipment of data on DVD for the January release of the Form 990-T, the Exempt Organization Business Income Tax Return. Because the IRS had publicly released the data in February, and had not notified recipients of the bulk data subscription of the privacy breach for several months.