IRS Screw-Up Leaks Thousands of Social Security Numbers

Getty Images

The IRS’s bad year just keeps getting worse.

Already dealing with a scandal involving its higher scrutiny of political groups seeking nonprofit status, and the revelation that it claims the power to read taxpayers’ emails, the agency is now facing questions about how it wound up leaking the Social Security numbers of thousands of taxpayers.  

The issue arose within the agency’s searchable database of the filings of tax-exempt political groups, known as 527 Groups. Public.Resource.org, which has led the charge in pushing for greater transparency in the finances of these groups, took the unusual step of actually asking the IRS to take down the databases in question. The problem, it explained, is that the government forgot to redact the Social Security numbers of tens of thousands of individuals involved with those organizations.

The group says it notified the IRS of the oversight on July 2, and the database in question was taken down the next day.

“It is with greatly conflicted feelings that we requested the administration make the political organization database go dark temporarily,” says the group. “We understand that this is an essential tool for researchers and even temporary unavailability hurts their efforts. We hope and expect that the administration will act promptly to address the privacy violations and get the database back online.”

It’s not clear if any identity thieves noticed the screw-up and took advantage before the database was taken down. But it’s a good reminder of one of the fundamental truths of identity-theft protection: Even if you do a great job of protecting your data, the various businesses, organizations and groups with which you do business aren’t always going to be as careful.

That’s why you need to operate on the assumption that your personal data is going to be leaked at some point. Sometimes hackers will get into a website’s database of passwords, which is why it’s important not to repeat passwords across multiple sites. Sometimes they’ll get email addresses which can be used for phishing scams, which is why it’s important to treat any email that asks for your personal information with suspicion.

And as the IRS has just shown, sometimes your Social Security number — one item in the “holy trinity” of identity theft — can also wind up in the wrong hands, which is why it’s important to monitor your bank accounts and sign up for an identity-theft protection service to make sure no one else opens an account in your name.

Matt Brownell is the consumer and retail reporter for DailyFinance. You can reach him at [email protected], and follow him on Twitter at @Brownellorama.