IRS Says It Exposed Some Confidential Taxpayer Data on Website

The disclosures included names, contact information and financial information about income within those IRAs. It didn’t include Social Security numbers, full individual income information or other data that could affect a taxpayer’s credit, the Treasury Department determined, according to a letter that the administration is sending to key members of Congress on Friday.

Like most individual tax filings to the IRS, those forms are supposed to be confidential. But charities with so-called unrelated business income are also required to file Form 990-T, and those filings are supposed to be open to the public.

The IRS and Treasury Department blamed a human coding error that happened last year when Form 990-T began to be electronically filed. The nonpublic data was mistakenly included with the public data and all of it was available for searching and downloading on the agency’s website. The Wall Street Journal, which routinely analyzes nonprofit tax filings, downloaded at least some of the data before its removal.

An IRS research employee discovered the mistake in recent weeks, triggering a broader inquiry and leading to the removal of the data. As required under federal law governing major information-security incidents, the IRS notified Congress on Friday. Affected taxpayers will be notified in the coming weeks.

“The IRS is continuing to review this situation,” Anna Canfield Roth, the Treasury Department’s acting assistant secretary for management, told lawmakers in Friday’s letter. “The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”

The IRS has long struggled with aging information-technology systems and occasional instances of private taxpayer information being released.

Last year, the news organization ProPublica published tax data about many of the wealthiest and highest-income Americans, triggering investigations. So far, it is unknown where that data came from.

—Andrea Fuller and Laura Saunders contributed to this article.

Write to Richard Rubin at [email protected]

The disclosures included names, contact information and financial information about income within those IRAs. It didn’t include Social Security numbers, full individual income information or other data that could affect a taxpayer’s credit, the Treasury Department determined, according to a letter that the administration is sending to key members of Congress on Friday.

Like most individual tax filings to the IRS, those forms are supposed to be confidential. But charities with so-called unrelated business income are also required to file Form 990-T, and those filings are supposed to be open to the public.

The IRS and Treasury Department blamed a human coding error that happened last year when Form 990-T began to be electronically filed. The nonpublic data was mistakenly included with the public data and all of it was available for searching and downloading on the agency’s website. The Wall Street Journal, which routinely analyzes nonprofit tax filings, downloaded at least some of the data before its removal.

An IRS research employee discovered the mistake in recent weeks, triggering a broader inquiry and leading to the removal of the data. As required under federal law governing major information-security incidents, the IRS notified Congress on Friday. Affected taxpayers will be notified in the coming weeks.

“The IRS is continuing to review this situation,” Anna Canfield Roth, the Treasury Department’s acting assistant secretary for management, told lawmakers in Friday’s letter. “The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”

The IRS has long struggled with aging information-technology systems and occasional instances of private taxpayer information being released.

Last year, the news organization ProPublica published tax data about many of the wealthiest and highest-income Americans, triggering investigations. So far, it is unknown where that data came from.

—Andrea Fuller and Laura Saunders contributed to this article.

Write to Richard Rubin at [email protected]