Information of thousands ofU.S. taxpayers has been compromised as the U.S. Internal Revenue Service (IRSA) disclosed that it mistakenly exposed the data of 120,000 taxpayers.
The IRS stated that the objectionable data has been removed and that they will send notifications to affected taxpayers in the coming weeks.
IRS Data Leak Affects Form 990-T Tax-Exempt Users
The leak affected users of a specific type of business tax return, called the Form 990-T, which is used by tax-exempt entities, which includes charities and retirement accounts to settle income tax returns on income from investments or unrelated to these entities' primary purpose.
IRS Form 990T is utilized to report 'unrelated business income' paid to a tax-exempt entity, such as nonprofits (charities) or IRA and SEP retirement accounts.
This income is commonly culled from sales that is not related to the nonprofit's core purpose or real estate investments that provide income into an individual retirement account.
For regular taxpayers, these forms should be confidential and accessed only by the IRS. However, for nonprofits, the Form 990-T is available to the public for three years.
IRS Reveals Mistakenly Made Public Confidential Taxpayer Data
On Friday, the IRS reealed that in addition to sharing Form 990-T data for charities, they also inadertently included data for taxpayers' IRAs that was not supposed to be public.
Read Also: AT&T Data Breach 2021: Did Massive Cyberattack Really Expose 70 Million Users?
"Some machine-readable (XML) Form 990-T data (was)made available for bulk download section on the Tax Exempt Organization Search (TEOS)," the IRS discovered, and such data "should not have been made public."
This section, the IRS said, is primarily used "by those with the ability to use machine-readable data; other more widely used sections of TEOS are unaffected."
What was leaked? Names, Contact Info, Reported Income of Taxpayers
The Wall Street Journal reported that the data leak exposed info for approximately 120,000 taxpayers and included names, contact information, and reported income for those IRAs. However, the IRS stated that the data did not include social security numbers, individual tax returns, or detailed account-holder information.
The leak, however, did not include Social Security numbers, complete individual income information, detailed financial account data, or other "sensitive information that could impact a taxpayer's credit," the IRS further said.
Read Also: Facebook Data Breach 2021: FB Sues Hacker After Exposing 178 Million User Info
According to the Wall Street Journal report, an IRS research employee discovered the data leak, which triggered a report to Congress on Friday.
This isn't the first time the IRS has faced serious data protection problems.
Investigative journalists from ProPublica had published IRS data of some of the wealthiest individuals in the US including Jeff Bezos and Elon Musk, and the source of the leak is still unknown.
Related Article: T-Mobile Data Breach 2021: 100 Million Users Exposed in Latest Hacking, Is There a Fix?
