The issue arose within the agency's searchable database of the filings of tax-exempt political groups, known as 527 Groups. Public.Resource.org, which has led the charge in pushing for greater transparency in the finances of these groups, took the unusual step of actually asking the IRS to take down the databases in question. The problem, it explained, is that the government forgot to redact the Social Security numbers of tens of thousands of individuals involved with those organizations.
"It is with greatly conflicted feelings that we requested the administration make the political organization database go dark temporarily," says the group. "We understand that this is an essential tool for researchers and even temporary unavailability hurts their efforts. We hope and expect that the administration will act promptly to address the privacy violations and get the database back online."
It's not clear if any identity thieves noticed the screw-up and took advantage before the database was taken down. But it's a good reminder of one of the fundamental truths of identity-theft protection: Even if you do a great job of protecting your data, the various businesses, organizations and groups with which you do business aren't always going to be as careful.
That's why you need to operate on the assumption that your personal data is going to be leaked at some point. Sometimes hackers will get into a website's database of passwords, which is why it's important not to repeat passwords across multiple sites. Sometimes they'll get email addresses, which can be used for phishing scams, which is why it's important to treat any email that asks for your personal information with suspicion.
And as the IRS has just shown, sometimes your Social Security number -- one item in the "holy trinity" of identity theft -- can also wind up in the wrong hands, which is why it's important to monitor your bank accounts and sign up for an identity-theft protection service to make sure no one else opens an account in your name.
Matt Brownell is the consumer and retail reporter for DailyFinance. You can reach him at Matt.Brownell@teamaol.com, and follow him on Twitter at @Brownellorama.
You Thought You Were Safe? The Myths and Realities of Your Online Security
For years, security professionals have emphasized the importance of shredding your personal documents before you throw them out. But Holland notes that shredding isn't as much of a priority as it used to be. "There aren't nearly as many documents with personal information out there as there were even just two years ago," he explains. "These days, it's much easier to get your information off your computer."
Passwords are your first line of defense against intruders. But, as Holland points out, even the most careful people sometimes have password breaches. "I've helped chief privacy officers from health care and security firms," he notes. "If they're getting hit, then anyone is vulnerable." While Holland notes the importance of having a good password, he emphasizes that the most important thing is paying attention to password breach notifications. If you hear that one of your passwords may have been breached, he counsels, change it immediately. And, because many of your accounts may be linked, he notes, it's not a bad idea to change the rest of your passwords as well.
One piece of advice that you don't often hear is to keep on top of software updates. But, Holland argues, updating your operating system, your software, and your security programs is one of the easiest and most important ways to ensure your security. Software companies spend a lot of time and money trying to stay ahead of online intruders -- it only makes sense to take advantage of their work.
Even if you are convinced that your security is state-of-the-art and your password is unbreakable, it never hurts to double-check your most sensitive accounts. Holland suggests regularly checking your bank and credit card statements to ensure that there aren't any inappropriate charges on your accounts. As a side benefit, this is also a great way to catch any unexpected fees that your bank may try to spring on you.
When a breach happens, a fast response can mean the difference between a minor annoyance and a major pain in the neck. With that in mind, Holland suggests talking to your bank about having transaction alerts placed on your account. Every time your account is credited with a transaction over a particular amount -- $50, for example -- your bank will send you an e-mail or text notification. If it's an expected transaction, you can discard the message; if not, you'll be able to respond immediately.
Every year, you are entitled to a free credit report from each of the reporting bureaus. Holland suggests taking advantage of this free service, noting that your credit report is a great way to track your outstanding debts and ensure that nobody is trying to open false accounts in your name. He emphasizes, however, that the best way to get your free report is by going to AnnualCreditReport.com, not FreeCreditReport.com. "That site's a scam," he laughs.