The Internal Revenue Service mistakenly exposed tens of thousands of Social Security numbers on the Web.
The discovery was made by Public.Resource.org, a non-profit focused on sharing public legal and government materials. It came to light during an unrelated audit, sparked by the IRS notifying the group in June that the agency had sent out an “improperly vetted shipment” of data on DVD in January, Carl Malamud, president and founder of Public.Resource.org, explained in a statement. Since the IRS had gone months without notifying recipients of the data of the privacy breach, the group decided to examine how the situation was handled and send an audit to the U.S. Treasury Inspector General for Tax Administration.
Through the audit, the group discovered that Social Security numbers had been posted online and were made available in searches for Form 8871 and Form 887 for political organizations that file under Section 527. Currently, the ‘Political Organization Disclosure Search’ and ‘Political Organization Disclosure Download’ capabilities on the IRS website remain disabled.
“The database in question contains the filings of Section 527 political organizations such as campaign committees,” Malamud noted. “This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers, and citizens. While the public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible), the failure to remove individual Social Security Numbers is an extraordinarily reckless act.”
According to FoxNews.com, an IRS spokesman said Monday that the agency had been made aware of the posting of a “substantial number” of Social Security numbers and had removed web access to the information “out of an abundance of caution.” The spokesman also said the agency is “assessing the situation and exploring available options.”
“It is with greatly conflicted feelings that we requested the administration make the political organization database go dark temporarily,” Malamud stated. “We understand that this is an essential tool for researchers and even temporary unavailability hurts their efforts. We hope and expect that the administration will act promptly to address the privacy violations and get the database back online.”
