If it weren’t in enough hot water already, the Internal Revenue Service has slipped up again, reports the National Journal.

Still under fire for targeting conservative political groups, the IRS unwittingly exposed on government websites the Social Security numbers of tens of thousands of Americans last week, according to a recent audit from the independent transparency group Public.Resource.org.

The exposed numbers came from nonprofit political groups known as 527s, which have to file taxes with the IRS that ultimately wind up in an agency database. According to the National Journal, the IRS frequently sends updated records of this database to many public-interest groups, such as Public.Resource.org—but when the IRS told that group’s founder, Carl Malamud, to ignore part of the filings from earlier this year, the transparency advocate decided to take a closer look.

With a little digging, the reason for the agency’s unusual request soon became apparent: Malamud and Public.Resource.org found that the IRS forgot to redact the Social Security numbers of tens of thousands of individuals involved in those political groups. When the group notified the IRS of its mistake on July 2, the database was taken down immediately. But according to the National Journal, “the damage was done.”

In its report, Public.Resource.org wrote, “While the public posting of this database serves a vital public purpose (and this database must be restored as quickly as possible), the failure to remove individual Social Security numbers is an extraordinarily reckless act.”

The IRS has since responded with a statement saying the agency is “assessing the situation and exploring available options,” according to the National Journal.