The US tax authorities accidentally put sensitive data of more than a hundred thousand citizens online, the agency itself admits.
The Internal Revenue Service, or IRS, committed the blunder with citizens who filled out a certain form (990-T) to declare additional income, often related to nonprofits. Those forms are normally confidential, except for nonprofit organizations. However, the form must be made public for the latter group for three years.
That’s where it went wrong because the IRS had inadvertently put the forms for both nonprofits and ordinary citizens online. It does qualify, however, that this mainly concerns XML data, which is mainly read automatically. The error was discovered on August 26 and immediately corrected since the data was online is unknown.
According to the Wall Street Journal, it concerns names, contact details, and the income that citizens themselves declare. Other sensitive personal data such as the social security number or details about their declaration were not shared. The affected people will be informed about the data breach.