IRS Accidentally Exposed Tens of Thousands of Social Security Numbers
The Internal Revenue Service has reportedly posted the Social Security numbers of tens of thousands of people on the Internet before taking down the information when a whistleblower pointed out the mistake.
The Web site Public.Resource.org, which specializes in posting government documents in the public domain, discovered the privacy breach and promptly alerted the IRS, as well as the Treasury Inspector General for Tax Administration.
Public.Resource.Org founder Carl Malamud said in a statement that his organization found the IRS had posted a database containing the filings of Section 527 political organizations such as campaign committees. “This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers and citizens,” he wrote. “While the public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible), the failure to remove individual Social Security Numbers is an extraordinarily reckless act.”
His site discovered the privacy breach on July 2 and notified TIGTA, documented its findings in an audit document, and sent copies to IRS officials and senior White House officials. On July 3 the administration removed the database from public view.
Malamud noted that Public.Resource.Org uncovered the data during an unrelated audit after the IRS notified the site last month that it had sent out an improperly vetted shipment of data on DVD for the January release of the Form 990-T, the Exempt Organization Business Income Tax Return. Because the IRS had publicly released the data in February, and had not notified recipients of the bulk data subscription of the privacy breach for several months, Malamud said Public.Resource.Org had conducted a systematic examination of the breach and how it was handled, and delivered that audit to the Inspector General on July 1.
“The tainted political money database run by the government on the Internet is just one symptom of a deeply broken dissemination strategy the IRS has insisted on pursuing,” he wrote. “The IRS deliberately dumbs down the e-filed returns of big nonprofits, many of which are able to hide lavish compensation schemes, excessive fundraising expenses, and other expenditures that have little to do with public benefit.”