IRS Data Leak Exposes Taxpayer Information

The IRS has admitted that some taxpayer data that shouldn't have been publicly accessible was available for viewing.
Aaron Drapkin

The Inland Revenue Service (IRS) has inadvertently exposed the data of 120,000 US taxpayers, making it the latest high-profile organization to fall foul to poor security practices.

This isn't the only time the agency has made the headlines in the past few weeks, having recently been at the center of a row between Republicans and Democrats regarding its expansion and funding.

Data leaks and breaches are becoming increasingly common, as is the usage of tech like password managers to combat them and training for staff to spot threats like email phishing campaigns.

What IRS Data was Leaked, and How?

The 120,000 people whose data was exposed had all filled in a 990-T form. These forms detail “unrelated business income” made by organizations and individuals that aren’t required to pay tax, such as non-profits or retirement accounts.

The IRS has to release information from 990-Ts for public inspection when they’re filed by 501(c)(3) organizations.

The government agency says tax returns filed by other taxpayers should have been screened out of this process. In this case, however, that didn’t happen, and all of the 990-Ts in its database were able to be viewed.

Personal data included names, business contact information, and investment-derived income from some assets.

The database was able to be viewed for almost a year via the IRS website before its recent discovery, although the agency confirmed in a statement on September 2 that it had now been removed from the domain.

IRS Under Pressure

The data leak comes at a bad time for the IRS, which has been in the spotlight recently, with Republicans decrying the Democrat’s decision to inject $80 billion of funding into the organization as part of the Inflation Reduction Act.

Democrats argue that the extra funding will expand the IRS’s ability to provide good customer service, audit the country’s wealthiest taxpayers, and generally boost tax code enforcement resources.

In early August, the IRS still had a backlog of 9.7 million unprocessed tax returns from 2021, largely due to the impact of the pandemic and the subsequent stimulus checks passed through congress.

Stopping Data Leaks and Breaches

Data leaks like this one are often down to human error and, specifically, publicly publishing sensitive data. Other data leaks arise from poorly protected systems that store sensitive information.

Data breaches, on the other hand, often start with weak account credentials, hence the rise of password managers, which help employees create robust and unique passwords that are harder to crack.

However, many data breaches are also down to poorly configured security systems that have fatal gaps, or simply outdated software that can’t cope with the sophisticated nature of recent cyber attacks.

In order to stop your business from becoming the victim of a leak or a breach, ensure your systems are up to date, and that staff’s accounts aren’t an easy way in for malicious actors.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals