IRS mistakenly publishes 112,000 taxpayer records for the second time

An IRS building in Washington DC
(Image credit: Getty Images)

The IRS accidentally republished 112,000 taxpayer data records in November after they were initially published as a result of a technical error earlier this year.

Blame for the incident has reportedly fallen on an outside contractor working on behalf of the IRS and tasked with managing a database for the government department.

The incident relates to the upload of 990-T forms which contain private information used by tax-exempt entities, including government entities and retirement accounts, to pay income tax on income that comes from specific investments or that which is unrelated to their exempt purpose, according to a letter sent to congressional leaders, Bloomberg Tax reported.

In September 2022, the IRS said that some Form 990-T data had been made available for bulk download in its Tax Exempt Organization Search (TEOS), which shouldn't have been made public. At the time, it removed the files and was set to replace them with updated files in the future.

However, this time a contractor reuploaded older files to the database with the original data, instead of new ones which ensured the forms were set to be kept private. The IRS had given the corrected data to the contractor on 23 November, but the contractor had not removed the old files from their system.

The IRS was only made aware of the files being available again on their website when a third-party researcher reached out. The IRS then told the contractor to remove them immediately.

Around 104,000 of 106,000 forms previously shared in September were reuploaded to the site. Some forms contained names or business contact information, and the IRS is currently contacting people affected by the data breach. When more than 100,000 forms suffer a disclosure, the IRS is forced by the law to inform Congress.

The revenue service is also reportedly reconsidering its relationship with contractor Accenture on this project. IT Pro has contacted the company for comment.

“The IRS is continuing to review the situation to identify opportunities to establish additional controls and strengthen existing controls to protect taxpayer information,” said US Treasury spokesperson John Rizzo.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.