The data has been removed from the website after the IRS said it discovered the mistake.

The US Internal Revenue Service inadvertently posted what is normally confidential information involving about 120,000 individuals before it discovered the error and removed the data from its website, the organization said last Friday.

“Based on the IRS’s review, the inadvertent disclosure included limited information for approximately 120,000 individuals. However, the data did not include Social Security numbers, individual income information, detailed financial account data, or other sensitive information that could impact a taxpayer’s credit. In some instances, the data did include individual names or business contact information,” the IRS said.

The data came from Form 990-T, often required for people with individual retirement accounts who earn certain types of business income from those retirement plans. Such people will have IRAs that are invested in master limited partnerships, real estate or other assets that generate income, not those whose IRAs are solely invested in securities (source: Wall Street Journal, September 2). 

The IRS statement on the matter said that charities with unrelated business income are required to file Form 990-T, and those filings are open to the public – which isn’t the case with most individual filings to the IRS.

The story comes at a sensitive time for the IRS, following moves by the Joe Biden administration to expand its budget to improve tax collection. The move has been attacked by critics, mostly on the political Right, for creating dangerous new powers for the organization. Separately, the publication of such data adds to concerns about financial privacy and cybersecurity. 

The IRS said that according to the Office of Management and Budget, its Guidance on Federal Information Security and Privacy Management Requirements mandates that agencies define any incident involving more than 100,000 individuals as a major incident.