Skip to Content
IRS data leak
© Teerachat Aebwanawong | Dreamstime.com
Security & privacy

IRS data leak: Was your private information exposed?

Hackers and cybercriminals are often the first ones to get blamed for data breaches. It’s an easy assumption, but it’s not always the case. Human error can also leave the security gates wide open. Tap or click here for four vital steps to protect your online accounts from hackers.

This scenario just played out with the Internal Revenue Service (IRS) as the private information of more than 120,000 people found its way online. Hackers aren’t to blame this time.

Read on to see how this happened and what you can do about it.

Here’s the backstory

If you own a business, you must complete several forms when filing annual tax returns. One of these is Form 990-T. This is used when reporting “unrelated business income” to a tax-exempt entity. This typically involves charities or retirement accounts.

These forms are confidential information for everyday taxpayers, but any charity or nonprofit organization must make the documents available to the public for three years. In a blog post, the IRS explains that, in addition to making the nonprofit records available, it accidentally included confidential information of 120,000 Americans.

It details that the IRS immediately removed the files after discovering the mistake. “In addition, the IRS will work with groups that routinely use the files to remove the erroneous files and replace them with the correct versions as they become available. The IRS will contact all impacted filers in the coming weeks,” it said.

The IRS stressed that the leak did not include Social Security numbers, detailed account-holder information or individual income tax returns.

What you can do about it

The IRS plans to reach out to everyone impacted by this data leak over the next few weeks. Removing and replacing the files with the correct documents is an excellent start, but that doesn’t protect you from possible cyberattacks.

Whether a hacker or human error initiated a data breach, you can take steps to protect yourself and avoid falling victim to related scams. Here are some suggestions:

  • Beware of phishing emails hitting your inbox. Scammers piggyback on breaches by sending malicious emails to trick you into clicking their links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors. It’s good practice to never click on links or attachments in unsolicited emails or text messages.
  • Keep an eye on your banking statements for any unusual transactions. If you see anything strange, notify your bank immediately.
  • Enable two-factor authentication (2FA) for all your online accounts that offer it. This will make it more difficult for hackers to access your accounts. 
  • Check haveibeenpwned.com. Enter your email address into this online database to reveal which data breaches you might be involved in.
  • Create strong, original passwords for all your accounts and don’t reuse any. Can’t keep track of all your unique passwords? Just use a password manager. Tap or click here to get started.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

Don’t fall for these malware-filled emails impersonating the IRS

Check your phone! These cleaner and security apps are hiding malware

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days