The Internal Revenue Service (IRS) has inadvertently exposed the data of 120,000 US taxpayers, making it the latest high-profile organization to fall foul of poor security practices.
This isn't the only time the agency has made the headlines in the past few weeks, having recently been at the center of a row between Republicans and Democrats regarding its expansion and funding.
Data leaks and breaches are becoming increasingly common, as is the usage of tech like password managers to combat them and training for staff to spot threats like email phishing campaigns.
What IRS Data was Leaked, and How?
The 120,000 people whose data was exposed had all filled in a 990-T form. These forms detail “unrelated business income” made by organizations and individuals that aren’t required to pay tax, such as non-profits or retirement accounts.
The IRS has to release information from 990-Ts for public inspection when they’re filed by 501(c)(3) organizations.
The government agency says tax returns filed by other taxpayers should have been screened out of this process. In this case, however, that didn’t happen, and all of the 990-Ts in its database could be viewed.
Personal data included names, business contact information, and investment-derived income from some assets.
The database could be viewed for almost a year via the IRS website before its recent discovery, although the agency confirmed in a statement on September 2 that it had now been removed from the domain.
IRS Under Pressure
The data leak comes at a bad time for the IRS, which has been in the spotlight recently, with Republicans decrying the Democrats’ decision to inject $80 billion of funding into the organization as part of the Inflation Reduction Act.
Democrats argue that the extra funding will expand the IRS’s ability to provide good customer service, audit the country’s wealthiest taxpayers, and generally boost tax code enforcement resources.
In early August, the IRS still had a backlog of 9.7 million unprocessed tax returns from 2021, largely due to the impact of the pandemic and the subsequent stimulus checks passed through Congress.
Stopping Data Leaks and Breaches
Data leaks like this one are often down to human error, specifically the public release of sensitive data. Other data leaks arise from poorly protected systems that store sensitive information.
Data breaches, on the other hand, often start with weak account credentials, hence the rise of password managers, which help employees create robust and unique passwords that are harder to crack.
However, many data breaches are also down to poorly configured security systems that have fatal gaps, or simply outdated software that can’t cope with the sophisticated nature of recent cyber attacks.
In order to stop your business from becoming the victim of a leak or a breach, ensure your systems are up to date, and that staff’s accounts aren’t an easy way in for malicious actors.