The Internal Revenue Service earlier this year published confidential information about taxpayers on its website before finding the error and removing the data, the agency said Friday.
Form 990-T is used to disclose untaxable income, including by retirees with certain categories of business income. It is typically filed by about 120,000 people.
The inadvertent disclosures included names, contact information and financial information about income within those IRAs but did not include Social Security numbers, full individual income information or other data that could affect a taxpayer’s credit, according to a letter that the Treasury Department sent to key members of Congress on Friday that the Wall Street Journal reported.
“The IRS recently discovered that some machine-readable (XML) Form 990-T data made available for bulk download section on the Tax Exempt Organization Search (TEOS) should not have been made public,” the IRS said in a statement Friday.
“The IRS took immediate steps to address this issue. The files have been removed from IRS.gov and will be replaced with updated files in the near future. In addition, the IRS also will be working with groups that routinely use the files to remove the erroneous files and replace them with the correct versions as they become available. The IRS will contact all impacted filers in the coming weeks,” the tax agency added.
All taxpayer data and information is supposed to be confidential but charities with unrelated business income are also required to file Form 990-T and such tax filings are supposed to be made public.
The IRS and Treasury Department blamed the disclosure on a human coding error that happened last year when Form 990-T began to be electronically filed, the Journal reported.
The confidential taxpayer data was erroneously included with the public data and all of it became available for searching and downloading on the agency’s website in the past few weeks.
The Journal reported that an IRS research employee discovered the data sharing error in recent weeks which triggered an internal inquiry and then led to the removal of the data.
The IRS has notified key members of Congress regarding the incident, including the chairman and ranking members of the House Committee on Homeland Security and the Senate Judiciary Committee.
In its letter to lawmakers disclosing the data exposure, IRS said: “The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”
It added: “In accordance with FISMA guidance, additional details will be forthcoming within 30 days, including summaries of our detection, response and remediation activities.”
Editor’s note: This story was updated to include additional details about the notification letters sent to Congress.