Site Logo
  • Site Logo
  • About
  • Benefits
  • Features
  • Case Studies
  • Blog
  • Contact
Request Demo
Request Demo
    Site Logo
  • About
  • Benefits
  • Features
  • Case Studies
  • Blog
  • Contact
  • Request Demo
Fusion Logo
img 1img 2img 3
Menu
  • Benefits
  • Contact
  • About
  • Features
  • Case Studies
  • Blog
  • Press
Reach Out
  • info@fusionsw.com

  • +1 (833) 387-4662

  • 1780 Stoney Hill Dr.,
    Suite A, Hudson, OH 44236

Copyright © 2025 Fusion All rights reserved.

instagramxfblinkedin

Copyright © 2025 Fusion All rights reserved.

Privacy PolicyTerms of Use

Blogs| Privacy and Data Security Challenges in the LIHTC Program

Privacy and Data Security Challenges in the LIHTC Program

Written by

author

Devendra Khati

Published

May 6, 2025

Topics

LIHTC

Cybersecurity in LIHTC program with housing data protection visual

Article Contents

    When you hear about the Low-Income Housing Tax Credit (LIHTC) program, the conversation usually revolves around tax credits, compliance reports, and affordable housing numbers.

     

    What often gets overlooked is how sensitive data is collected, processed, and stored along the way and how vulnerable that data can be if organizations are not paying close attention to cybersecurity.

     

    The reality is simple. Managing LIHTC properties today involves much more than physical inspections and income certifications. It also involves protecting a growing network of financial, operational, and compliance-related data that the entire LIHTC system relies on.

    What Kind of Data Does the LIHTC Program Involve?

    The LIHTC program generates and maintains a wide range of data beyond tenant information. Some key categories include:

     

    • Tenant qualification data: Income certifications, household compositions, and demographics.
    • Property compliance data: Rent schedules, unit counts, accessibility features, and inspection reports.
    • Financial reporting data: Project costs, funding sources, tax credit allocations, and investor equity contributions.
    • Asset management data: Ongoing maintenance logs, lease renewals, utility allowances, and annual compliance certifications.
    • Program oversight data: Audits, allocation records, regulatory agreements, and reporting to state agencies and the IRS.

    All of this information is essential to showing that LIHTC properties are compliant. However, it also means that affordable housing stakeholders are handling large amounts of sensitive and regulated information that needs proper security controls.

    Why LIHTC Data Is a Target

    Affordable housing organizations may not seem like obvious cybersecurity targets compared to banks or hospitals. However, the combination of personal, financial, and operational data found in LIHTC records makes them attractive to hackers.

    Here is why LIHTC-related data is increasingly at risk:

     

    • Personal information (e.g., tenant income and household details) can be used for identity theft or fraud.
    • Financial records related to tax credits and project funding could be exploited to commit financial fraud.
    • Compliance reports and regulatory filings could expose vulnerabilities if stolen or manipulated.
    • Third-party vendors handling LIHTC data may not always have strong cybersecurity practices, increasing exposure points.

    Unfortunately, many developers, owners, asset managers, syndicators, and other management firms involved in LIHTC operations still have limited cybersecurity maturity. That opens up risks across the entire ecosystem.

     

    Subscribe to Our Newsletter

    Get the Latest in LIHTC Right Here!.

    side_image

    Asset Management Adds to the Complexity

    Asset management in the LIHTC world is no longer just about maintaining the physical condition of properties. It is also about maintaining and protecting digital assets, such as:

     

    • Digital copies of leases and income certifications.
    • Annual owner certifications submitted to state agencies.
    • Rent rolls and utility allowance documentation.
    • Inspection and maintenance records.

    As housing portfolios grow larger and compliance demands get more complex, the volume of data that needs to be stored, accessed, updated, and secured keeps growing.

     

    Without strong cybersecurity measures, a breach could expose years of compliance work, trigger noncompliance penalties, and hurt both financial and reputational standing.

    Oversight Gaps Make the Problem Worse

    Currently, federal and state oversight in the LIHTC program focuses mainly on traditional compliance metrics: tenant eligibility, rent restrictions, physical standards, and proper use of tax credits.

     

    No formal cybersecurity requirements are tied to the LIHTC compliance process at the federal level.

    This means:

     

    • Housing finance agencies (HFAs) are not auditing cybersecurity practices.
    • LIHTC management team is not consistently trained in data protection.
    • Developers and syndicators may not prioritize cybersecurity unless an incident forces the issue.

    Without standardized expectations, cybersecurity remains an organizational choice rather than an operational requirement.

    Key Cybersecurity Risks Facing LIHTC Stakeholders

    Across developers, asset managers, and investors, the LIHTC industry faces several urgent data security risks:

     

    • Ransomware attacks target organizations holding valuable project or tenant information.
    • Phishing attacks on LIHTC management teams handling compliance documentation.
    • Third-party breaches where vendors storing LIHTC data do not have proper safeguards.
    • Data mismanagement during reporting, storage, or transfer between parties.
    • Inadequate incident response when data breaches occur, leading to delayed recovery and further compliance problems.

    The risk is no longer theoretical. Housing organizations have increasingly become the targets of cybercriminals seeking easy vulnerabilities.

    What LIHTC Organizations Need to Do Now

    Building better cybersecurity practices across the LIHTC industry starts with a few clear actions:

     

    1. Limit Data Collection and Sharing: Collect only what is necessary for compliance and reporting. Avoid gathering or storing excess information that could become a liability.
    2. Strengthen Internal Controls: Implement password management, multi-factor authentication, role-based access controls, and encrypted storage for all LIHTC-related data.
    3. Review and Monitor Third-Party Vendors: Audit vendors handling tenant certifications, compliance tracking, or financial reporting to ensure they meet strong cybersecurity standards.
    4. Train Staff Handling LIHTC Data: Everyone dealing with compliance paperwork, tenant files, and financial reporting must understand basic cybersecurity practices and phishing prevention.
    5. Create and Test Incident Response Plans: Have a clear plan for detecting, responding to, and recovering from a data breach. Test the plan regularly before a real crisis happens.

    Final Thoughts

    The LIHTC program is one of the most successful affordable housing tools in the United States.

     

    But success today depends on more than just building units and meeting rent limits. It also means protecting the massive amount of sensitive data that keeps the program running.

     

    Housing organizations, investors, developers, and managers involved in LIHTC cannot afford to treat cybersecurity as someone else’s problem anymore.

     

    Safeguarding LIHTC data is now part of safeguarding the integrity of the entire program—and protecting the people and communities it serves.

    Related Blogs

    bullet
    bullet
    Community meeting between nonprofit and housing project stakeholders discussing LIHTC plans

    The Role of Nonprofits in LIHTC Housing Projects

    Read more
    Cybersecurity in LIHTC program with housing data protection visual

    Privacy and Data Security Challenges in the LIHTC Program

    Read more
    LIHTC management software dashboard on laptop

    Essential Features in LIHTC Asset Management Software

    Read more
    Architect presents building model during Fusion meeting

    Why Investors Should Consider LIHTC Projects

    Read more
    Team planning housing project with Fusion model and blueprints

    A Step-by-Step Guide to LIHTC Development Workflow

    Read more
    Housing Crisis Through LIHTC

    How Expanding LIHTC Can Solve the Affordable Housing Crisis

    Read more

    Join the Fusion Community

    Fill in your email address to subscribe to our newsletter. Get expert insights, the latest LIHTC news, and valuable resources delivered directly to your inbox.
    No spam—just valuable information.

    Questions? Contact us nowblack_chevron