Privacy and Data Security Challenges in the LIHTC Program
Written by Devendra Khati
Published May 6, 2025
Topics: LIHTC
When you hear about the Low-Income Housing Tax Credit (LIHTC) program, the conversation usually revolves around tax credits, compliance reports, and affordable housing numbers.
What often gets overlooked is how sensitive data is collected, processed, and stored along the way, and how vulnerable that data can be if organizations are not paying close attention to cybersecurity.
The reality is simple. Managing LIHTC properties today involves much more than physical inspections and income certifications. It also involves protecting a growing network of financial, operational, and compliance-related data that the entire LIHTC system relies on.
The LIHTC program generates and maintains a wide range of data beyond tenant information. Some key categories include:
All of this information is essential to showing that LIHTC properties are compliant. However, it also means that affordable housing stakeholders are handling large amounts of sensitive and regulated information that needs proper security controls.
Affordable housing organizations may not seem like obvious cybersecurity targets compared to banks or hospitals. However, the combination of personal, financial, and operational data found in LIHTC records makes them attractive to hackers.
Here is why LIHTC-related data is increasingly at risk:
Unfortunately, many developers, owners, asset managers, syndicators, and other management firms involved in LIHTC operations still have limited cybersecurity maturity. That opens up risks across the entire ecosystem.
Asset management in the LIHTC world is no longer just about maintaining the physical condition of properties. It is also about maintaining and protecting digital assets, such as:
As housing portfolios grow larger and compliance demands get more complex, the volume of data that needs to be stored, accessed, updated, and secured keeps growing.
Without strong cybersecurity measures, a breach could expose years of compliance work, trigger noncompliance penalties, and hurt both financial and reputational standing.
Currently, federal and state oversight in the LIHTC program focuses mainly on traditional compliance metrics: tenant eligibility, rent restrictions, physical standards, and proper use of tax credits.
No formal cybersecurity requirements are tied to the LIHTC compliance process at the federal level.
This means:
Without standardized expectations, cybersecurity remains an organizational choice rather than an operational requirement.
Across developers, asset managers, and investors, the LIHTC industry faces several urgent data security risks:
The risk is no longer theoretical. Housing organizations have increasingly become the targets of cybercriminals seeking easy vulnerabilities.
Building better cybersecurity practices across the LIHTC industry starts with a few clear actions:
The LIHTC program is one of the most successful affordable housing tools in the United States.
But success today depends on more than just building units and meeting rent limits. It also means protecting the massive amount of sensitive data that keeps the program running.
Housing organizations, investors, developers, and managers involved in LIHTC cannot afford to treat cybersecurity as someone else’s problem anymore.
Safeguarding LIHTC data is now part of safeguarding the integrity of the entire program—and protecting the people and communities it serves.