The Internal Revenue Service is under fire for accidentally releasing as many as 2,319 Social Security numbers to the general public. Although the numbers were online less than 24 hours, consumers and privacy advocates are shocked by the IRS’ negligence.
Exposing the Social Security numbers places those individuals at tremendous risk for identity theft, tax fraud and other privacy scams.
How did this happen? It’s because the IRS releases a public database full of tax information from political not-for-profit groups known as 527s. Normally, any Social Security numbers associated with these 527s are scrubbed from the documents before their release. Unfortunately, January’s database somehow went live with the private Social Security numbers intact.
Is Your Social Security Number Safe? Most Likely Yes
The good news is that your information is most likely safe if you don’t work for a politically-oriented 527 nonprofit group. The only Social Security numbers leaked by the IRS’ error were numbers associated with members of these nonprofits.
When a 527 group files its tax forms with the IRS, this information is added to a public database that’s updated pretty regularly. These records are then routinely checked by a watchdog group known as Public.Resource.org, which is dedicated to transparency and public-domain issues. They take a look at the IRS’ activities to make sure private data is used properly.
But recently, the IRS actually reached out to Public.Resource.org with a message. That message? It asked the watchdog group to ignore the 527 records for January.
Obviously, Public.Resource.org’s response was to do the exact opposite.
Carelessness on the Part of the IRS
What Public.Resource.org found was distressing. Typically, the information for the 527 nonprofits groups is made public so that everyone can see what political nonprofit groups are doing with their funds. This encourages transparency and helps prevent abuse of donations or other charity scams.
But any sensitive, private information like Social Security numbers are supposed to be removed from any documents before they’re added to this public database.
Mashable notes that it looks like the IRS forgot to do that this last time:
“…of the more than 3,000 tax returns contained in the January update, 319 contained sensitive data the agency should have scrubbed…”
Cleaning up the IRS Mess
For what it’s worth, Public.Resource.org says that nobody accessed any of the Social Security numbers during the roughly 24-hour period that they were online.
The IRS caught the mistake and removed all the private information the very next day.
Still, Public.Resource.org isn’t too happy with the IRS, calling the government agency’s security practices “unprofessional and amateur.”
They’re also suggesting that the IRS shut down the entire 527 database, specifically to make sure that similar privacy violations don’t happen again.
What do you think? How would you react to a data breach like this one? Share your thoughts in the comments.
What Should You Do if Your Identity is Stolen? 3 Important Tips for Identity Theft Damage Control
How to Protect Yourself From Scams and Identity Theft in the New Year
IRS Issues $4 Billion in Tax Refunds to Scammers & Identity Thieves