IRS Leaks 120,000 Taxpayers’ Info, Blames ‘Human Coding Error’

The Internal Revenue Service (IRS) posted the confidential information of approximately 120,000 taxpayers before an error on its website was taken down Friday, The Wall Street Journal reported, citing officials within the IRS.

In a Friday letter to Congress, the IRS and Treasury Department blamed a human coding error from 2021, the first year that the Form 990-T was able to be filed electronically, the WSJ reported. The error resulted in nonpublic data being made available for download to users of the IRS website, and was not discovered until “recent weeks,” according to the WSJ.

“Form 990-T is the business tax return used by tax-exempt entities, including tax-exempt organizations, government entities and retirement accounts, to report and pay income tax on income that is generated from certain investments or income unrelated to their exempt purpose,” the IRS told the Daily Caller News Foundation in a statement. “The IRS is required to publicly disclose this information for 501(c)(3) organizations; however, similar information was inadvertently published for a subset of non-501(c)(3)s, which are not subject to public disclosure.”

The leaked data included names, contact and financial information for the IRA accounts associated with the Form 990-T, the WSJ reported. The information did not include “Social Security numbers, detailed account-holder information or individual income tax returns,” but did include individual names and business contact information, the IRS told the DCNF.

“The IRS is continuing to review this situation,” said Anna Canfield Roth, acting assistant secretary for management of the Treasury Department, in the letter obtained by the WSJ. “The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”

The IRS has had long-standing technological issues, with the agency struggling to update the around 60-year-old COBOL tax processing system or find employees qualified for its use, TIME reported.

Following security breachers, the IRS is required to notify lawmakers, the IRS reported. Affected filers will be notified within the “coming weeks,” the IRS told the DCNF.