updated 03:09 pm EDT, Mon July 8, 2013
Government database taken offline after sensitive data found
The Internal Revenue Service (IRS) has leaked tens of thousands of Social Security Numbers (SSNs). The security failure stems from the government agency failing to adequately redact sensitive details held in a new online database, listing the filings of Section 527 political organizations in what is called a $1.5 trillion non-profit industry.
The database is meant to be a tool for non-profits, congressional staff, citizens, and other parties to look into the funding and actions of non-profit organizations, which represents 10-percent of US wages, with the ultimate goal of improving the efficiency of such markets.
The discovery, made by Public.Resource.Org, was reported to the US Treasury Inspector General for Tax Administration on July 2nd, with further documentation passed to senior White House and IRS officials. On the advice of the archive, access to the database by the public was revoked, in order to minimize the damage caused, and to prevent opportunists from gathering the data just for the SSNs.
The security issue is compounded by the fact that the IRS has been shipping the same data on DVDs for some time now, the January release of which PublicResource claims is "improperly vetted." The data was then publicly released in February.
Carl Malamud, archivist for PublicResource, calls the IRS data-handling efforts "unprofessional and amateur." He complains of the IRS policy where staff are not allowed to e-mail other organizations, even in an emergency, and that "The IRS has recklessly violated the privacy of Americans and deliberately tried to keep scrutiny away from our worst charities."
"We hope and expect that the administration will act promptly to address the privacy violations and get the database back online," said Malamud.