IRS Again Fails to Protect Taxpayer Data

In a pre-Labor Day news dump, the IRS admitted to publishing 120,000 taxpayer forms in a public database. Names, contact information and financial information were all available for search and download on the IRS website. The Wall Street Journal reported it was able to find at least some of the information before government staff pulled it down. Bloomberg reports that the IRS knew the information was there since August 26, but there was no indication how long the information was available to the public. 

The data came from Form 990-T, which serves a dual purpose. Charities and other tax-exempt organizations with non-exempt business income must file Form 990-T and that information is public. This is for situations where an organization might have a business that provides funds for the exempt purpose, but the business itself is not “substantially related” to the exempt purpose of the group.  

But some Individual Retirement Accounts also use Form 990-T to report income generated from master limited partnerships, real estate or other assets that generate income. These Form 990-T returns should not be made public and contain sensitive taxpayer information. The IRS downplayed this danger, saying “the data does not include Social Security numbers, detailed account-holder information or individual income tax returns.” But names and addresses and financial information are all dangerous in the wrong hands. 

This is just another example of the IRS playing fast and loose with taxpayer data. ProPublica generated a lot of debate when it got its hands on taxpayer data, which NTUF criticized — both in getting the data and how the data is used to push a narrative. In the wake of the ProPublica leak, NTU has long called for Congress to tighten privacy protections at the IRS. Clearly the IRS has come off a Disastrous Filing Season and maybe the 87,000 new personnel would be better used for customer service and data protection than enforcement.