Private information involving about 120,000 taxpayers was temporarily made public by the Internal Revenue Service, the agency announced on Friday.
Confidential data from some Form 990-Ts, a business tax return used by tax-exempt organizations, was accessible to download on the IRS.gov website's search engine for about a year, the Wall Street Journal first reported.
The agency blamed a human coding error that went under the radar for months until an employee recently noticed the mistake. The IRS is required to notify Congress of any incident involving more than 100,000 individuals under the Federal Information Security Modernization Act.
"The IRS took immediate steps to address the issue," Anna Canfield Roth, the acting assistant secretary for management for the IRS, wrote in a letter to Congress on Friday.
Taxpayer names and business contract information are among the data that was inadvertently disclosed, Roth said. But sensitive data like social security numbers, income information, or "other sensitive information that could impact a taxpayer's credit," were not released.
The files have since been removed from the website, and the agency will replace them with the correct documents in the next few weeks. The IRS also plans to contact all the impacted filers.
The agency said it is continuing to review the situation and will provide more details on the matter in the next 30 days.
The blunder comes on the heels of Congress passing a historic tax, climate and healthcare bill that will bolster funding to the IRS for improvements.