IRS admits it exposed confidential information of 120,000 taxpayers online

The Internal Revenue Service accidentally published confidential information involving about 120,000 taxpayers on its website before discovering the mistake and removing the data, officials said Friday.

The data shared came from Form 990-Ta business tax return document used by tax-exempt entities, including individual retirement accounts, to report and pay income tax on income generated from certain investments or income unrelated to their exempt purpose, the IRS said.

The “inadvertent” exposure included names, contact information and financial information about income within those IRAs. However, it did not include Social Security numbers, full individual income information, detailed financial account data or other sensitive information that could affect a taxpayer’s credit.

In some instances, the data did not include individual names or business contact information.


Internal Revenue Service

The IRS said that it would contact all affected individuals. (Al Drago/Bloomberg via Getty Images / Getty Images)

“The IRS took immediate steps to address this issue,” the agency said in a statement provided to FOX Business. “The files have been removed from and will be replaced with updated files in the near future. In addition, the IRS will also be working with groups that routinely use the files to remove the erroneous files and replace them with the correct versions as they become available.”

The agency said that it would contact all affected individuals.

Information included in Form 990-T — like all individual taxpayer data — is intended to be confidential in most instances. But charities with unrelated business income are supposed to file Form 990-T, which is supposed to be made public.

The IRS discovered the mistake in recent weeks and took “immediate steps to address this issue,” according to a letter sent to Congress by Anna Cothfield Roth, the acting assistant secretary for management at the Treasury Department.

IRS Commissioner Charles Rettig

Internal Revenue Service Commissioner Charles Rettig testifies before the House Ways and Means Oversight Subcommittee in Washington on March 17, 2022. (Kevin Dietsch/Getty Images / Getty Images)

Under federal law, the IRS must report the disclosure of private information to lawmakers within seven days of discovering that “a major incident has occurred.” The IRS determined that the data exposure fit that criteria one week ago, on Aug. 26.

“The IRS is continuing to review this situation,” Cothfield Roth wrote in the letter. “The Treasury Department has instructed the IRS to conduct a prompt review of its practices to ensure necessary protections are in place to prevent unauthorized data disclosures.”


The revelation comes shortly after President Biden signed into law a comprehensive health care and climate change package that will provide the IRS with an influx of $80 billion in funding to modernize the agency.

While Democrats have touted the funding as a way to crack down on wealthy tax cheats, Republican lawmakers have been quick to criticize it, warning that a stronger IRS could lead to increased audits on lower- and middle-income households.