It is unclear how many SSNs were exposed and whether or not the SSNs were displayed alongside any other identifying information. I think this would be an important detail. I’m not sure what exactly is needed to perpetrate an identity theft or a financial crime using a SSN, but it seems to me that more would be needed than simply the SSN. I would think that a criminal would need at least the name that goes with it too.
Furthermore, it looks like this information probably did not fall into the hands of any criminals. The data remained up on the site for less than 24 hours, and during that time (if I understand the geek speak) there were only 8 total clicks on the page in question and no actual privacy complaints.
Still, as with all the other recent IRS blunders, what bothers most taxpayers is the fact that the mistake was made, not the end result or the damage that was done. Think of how many visitors irs.gov gets each day. Popularity-wise we don’t like it, but traffic-wise, it is one of the most visited websites in the country. It just so happened that the SSNs were exposed in a little obscure corner of a massive, content-rich IRS website. It is easy to see how this was a close call and could have been a much more serious mistake. When it comes to our personal identifying information and our financial information, we don’t like close calls. A close call just means that there could easily be a “next time” and next time we might not be so lucky.