Skip to content
Federal Tax

Ways and Means Chair Again Presses IRS on Tax Data Security

Tim Shaw  

· 5 minute read

Tim Shaw  

· 5 minute read

Calling the maximum possible sentence of a former IRS contractor who pleaded guilty to unlawfully disclosing private tax information to news outlets “inadequate,” the top House taxwriter asked the IRS for an update on how safeguard improvements are progressing.

House Ways and Means Committee Chair Jason Smith (R-MO) in a January 8 letter to IRS Commissioner Danny Werfel requested details on what actions have been taken since Charles Edward Littlejohn, who worked as a contractor at the IRS from 2018-2020, disclosed tax return information of Former President Donald Trump to the New York Times in 2019, as well as tax records of wealthy individuals to ProPublica in 2020.

Ways and Means Republicans have pressured the Treasury Department, Department of Justice, and IRS watchdog agencies over the course of the ensuing years on how the “historic leak of taxpayer information” occurred, but Smith is now more concerned about the future of the IRS’ internal guardrails to prevent data breaches of sensitive private information.

In its Management Quarterly Update for the third quarter of fiscal year 2023, the IRS reported it “has significantly strengthened information security” and “implemented significant controls that limits the ability to remove sensitive information” from system computers. This was achieved through a “combination of new technology capabilities, training and enhanced management controls,” as well as tighter restrictions on which employees have access to taxpayer data, the IRS said.

“I am pleased that the IRS is taking some action to address vulnerabilities in its system, but I want to understand the full scope of what IRS is doing so that we can ensure that another massive leak of confidential taxpayer information does not happen again,” wrote Smith. He asked Werfel to, by January 22, supply answers to a series of questions, including the number of employees that currently have access to federal tax information compared to before changes were made.

Littlejohn pleaded guilty on October 12 and faces a maximum sentence of five years in prison. Sentencing is scheduled for January 29. However, Smith previously bemoaned in November that Littlejohn’s guilty plea only pertains to a single charge of unauthorized disclosure “despite explicitly detailing his two separate and distinct unauthorized disclosures.”

“Those disclosures involved two sets of information that were disclosed at two different times to two distinct organizations covering thousands of taxpayers,” Smith continued, emphasizing again Monday he views the five-year penalty as light.

As illustrated in a DOJ release following Littlejohn’s guilty plea, he used multiple personal devices to store tax returns after using “broad search parameters designed to conceal the true purpose of his queries” on an IRS database.

“By using his role as a government contractor to gain access to private tax information, steal that information, and disclose it publicly, Charles Littlejohn broke federal law and betrayed the public’s trust,” said Attorney General Merrick Garland. “In every case, the Department of Justice is committed to following the facts wherever they lead and holding accountable those who violate our laws.”

The investigation was aided by the Treasury Inspector General for Tax Administration, which previously warned the IRS in an August report of “significant deficiencies” in how the agency accounts for microfilm backup cartridges containing business and individual tax account information.

“Our review found that required annual inventories of microfilm cartridges maintained at the Austin, Kansas City, and Ogden Tax Processing Centers have not been performed,” read the report. “In fact, management could not provide a time frame of when the last required annual inventory was conducted.

Smith’s letter also cited a report from the Government Accountability Office (GAO) released August 2023. Among its findings delving into data risk and threat prevention, the report found that training course completion rates among contractors paled in comparison to employees. “As a result, IRS contractors are at increased risk of being unprepared to handle taxpayer information,” according to the GAO.

“From serious breaches of confidential taxpayer data and document mismanagement to poor cybersecurity training and infrastructure vulnerabilities, the IRS has a decades-long and troubled history with adequately protecting American taxpayers’ information,” commented Senate Finance Committee Ranking Member Mike Crapo (R-ID).


Get all the latest tax, accounting, audit, and corporate finance news with Checkpoint Edge. Sign up for a free 7-day trial today.

More answers