The Internal Revenue Service inadvertently exposed the Social Security numbers of tens of thousands of individuals online who donated money to tax-exempt organizations involved in political activities.
For reasons of political transparency, the IRS posts information filed by the organizations, which are required to report their contributors and expenditures to the IRS. The nonprofit groups are called "527s" (named for Section 527 of the tax code that gives the groups tax-exempt status). Donors are supposed to be listed, but additional personal information, such as Social Security numbers, is not. Nevertheless, this occurred in numerous instances.
"When we were alerted last week that a substantial number of Social Security numbers were posted on IRS.gov in forms filed by section 527 political organizations, the IRS decided out of an abundance of caution to temporarily remove public Web access to the records," the IRS said.
That database now has been taken down from the Web, and the IRS is "assessing the situation and exploring available options," the agency said in a statement to NBC News.
The finding was made public by Carl Malamud of Public.Resource.Org, a nonprofit group that fights for putting government documents online and making those documents free for all to view.
There are thousands of 527 groups, which run the gamut of issues and interests, from the Plumbers/Pipefitters Union and the American Dental Association, to feminist-backed EMILY's List and conservative RightChange.com. There is no limit to the amount a person can donate, but the donations are not tax deductible, and they must be publicly reported.
For this reason, Malamud worries about the database remaining offline for long. "This Section 527 database is an essential tool used by journalists, watchdog groups, congressional staffers, and citizens," he said on his site. The "public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible)."
While calling the posting of the Social Security numbers "reckless," Malamud said the IRS does make it clear that Social Security numbers should not be submitted on forms that will be put online and available for "public inspection."
"Mistakes happens; the trick is when they happen, you need to fix them," Malamud told NBC News. "The IRS should have simply rejected those documents when they were submitted, and made people refile them" without the Social Security numbers included.
The IRS, in its statement, said that it "frequently and routinely reminds organizations of the public disclosure of these forms and urges them not to include personal information, including Social Security numbers, in their public filing."
Most of the Social Security numbers that were exposed were included in 527 filings made between 2002 and 2008, Malamud said. And while chances are that "most people are safe," and "most organizations know better" than to include Social Security numbers, he said, donors may want to check with the organizations they gave money to find out for sure.
NBC News also asked the IRS if it plans to contact the individuals whose Social Security numbers were exposed, and will publish an updated post if we receive the answer.