IRS Mistake Exposes Thousands of Social Security Numbers

The Internal Revenue Service mistakenly exposed tens of thousands of social security numbers on the Web.

The discovery was made by Public.Resource.org, a non-profit focused on sharing public legal and government materials. It came to light during an unrelated audit, which was sparked when the IRS notified the group in June that the agency had sent out an “improperly vetted shipment” of data on DVD in January, Carl Malamud, president and founder of Public.Resource.org, explained in a statement. Because the IRS had gone months without notifying recipients of the data about the privacy breach, the group decided to examine how the situation was handled and send an audit to the U.S. Treasury Inspector General for Tax Administration.

Through the audit, the group discovered that social security numbers had been posted online and appeared in searches for Form 8871 and Form 887 for political organizations that file under Section 527. Currently, the ‘Political Organization Disclosure Search’ and ‘Political Organization Disclosure Download’ capabilities on the IRS website remain disabled.

“The database in question contains the filings of Section 527 political organizations such as campaign committees,” Malamud noted. “This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers, and citizens. While the public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible), the failure to remove individual Social Security Numbers is an extraordinarily reckless act.”

According to FoxNews.com, an IRS spokesman said Monday that the agency had been made aware of the posting of a “substantial number” of Social Security numbers and had removed web access to the information “out of an abundance of caution.” The spokesman also said the agency is “assessing the situation and exploring available options.”

“It is with greatly conflicted feelings that we requested the administration make the political organization database go dark temporarily,” Malamud stated. “We understand that this is an essential tool for researchers and even temporary unavailability hurts their efforts. We hope and expect that the administration will act promptly to address the privacy violations and get the database back online.”
