Skip to Content
IRS Whistleblowers, click here to contact the Ways & Means Committee about waste, fraud, and abuse.

Watchdog: Lack of Guardrails Leaves Confidential Taxpayer Information Vulnerable at the IRS

February 12, 2024 — Blog    — Oversight    — Press Releases   

WASHINGTON, D.C. – Days before IRS Commissioner Daniel Werfel is scheduled to testify before the Ways and Means Committee, a new report issued by the Treasury Inspector General for Tax Administration (TIGTA) finds the agency is failing to put adequate controls in place to prevent unauthorized removal of confidential taxpayer information on some sensitive agency systems. Requested by Ways and Means Committee Chairman Jason Smith (MO-08), the report identifies many concerns, including 19 IRS contractors who failed background investigations but still had access to one or more systems because of a lack of agency action to suspend or disable the contractors’ access. Another 279 employees retained access to sensitive systems after separating from the IRS. In total, the report shows the agency does not have adequate controls to detect or prevent the unauthorized removal of taxpayer information by users, setting up the potential for a repeat of the massive, illegal leak of tax returns like that carried out by Charles Littlejohn to The New York Times and ProPublica

Ways and Means Committee Chairman Smith issued the following statement in response to the TIGTA report:

“Alarm bells should have set off at the IRS when it was discovered that an IRS contractor stole and leaked thousands of individuals’ tax returns, including President Trump’s. Instead, it looks like the agency has done very little in response. The IRS has absolutely no excuse for the failure to protect confidential taxpayer information. The IRS must prioritize safeguarding taxpayer information and put adequate controls in place to prevent leaks of sensitive taxpayer information from happening again.”

Oversight Subcommittee Chairman David Schweikert (AZ-01) released the following statement: 

“For the federal tax system to work, taxpayers must be confident that their private taxpayer information is safe and protected. The IRS clearly failed to put in place adequate safety measures to prevent the leaking of thousands of individuals’ tax returns, and it appears the agency still hasn’t learned its lesson. The last thing taxpayers need is one more excuse not to file. Chairman Smith and I call upon the IRS to take immediate steps to protect confidential taxpayer information for the current tax-filing season and put the necessary guardrails in place to ensure private tax returns are never leaked again.”

Key Findings from the TIGTA Report:

  • Former Employees Still Have Access to Sensitive Systems: Procedures to systematically remove users who no longer require access to sensitive systems were not always working as intended. TIGTA identified 279 users who were listed in the Business Entitlement Access Request System (BEARS) as separated from the agency but who, as of July 13, 2023, continued to have access to at least one IRS sensitive system.
  • IRS Failing to Protect Data from Contractors With Unfavorable Background Checks: The IRS did not always remove contractor access to sensitive systems when background investigations were not favorable. Specifically, 19 contractors’ most recent background investigations were not favorable as of July 13, 2023. However, these contractors still retained their access to one or more sensitive systems because the IRS did not take action to suspend or disable the contractors access to those systems, as required.
  • Over 90,000 Employees Have Access to Taxpayer Data: As of July 13, 2023, TIGTA’s evaluation identified a total of 91,661 users, of which 5,068 were contractors, who were authorized to access one or more of the agency’s 276 sensitive systems.
    • The records associated with 4,979 of the 5,068 contractor users indicate that these contractors were employed by 187 different companies.

Timeline:

  • June 2021: ProPublica leaks confidential tax returns, including President Trump’s returns. The outlet claimed it had access to the tax information of thousands of Americans spanning more than 15 years.
  • February 16, 2023: Chairman Smith requests TIGTA evaluate how the IRS grants access to and safeguards taxpayer information maintained across its various sensitive systems.
  • October 29, 2023: Charles Littlejohn, former IRS contractor, pleaded guilty to accessing, stealing, and disclosing private taxpayer information, including that of President Trump.
  • January 24, 2024: After every Ways and Means Republican member calls for Littlejohn to receive the maximum sentence as a deterrent for potential future IRS leakers, the court gives Littlejohn the maximum sentence of five years.

Upcoming Hearing:

The Ways and Means Committee will hold an oversight hearing with IRS Commissioner Daniel Werfel on Thursday, February 15, 2024. 

Related News

Tax Subcommittee Field Hearing on Creating More Opportunity and Prosperity in the American Rust Belt

May 20, 2024 Field Hearing

Markup of H.R. 8290, H.R. 8291, H.R. 8293, H.R. 8314, and H.R. 8292

May 15, 2024 Markup

Committee Republicans Take Aim at Foreign Funding Influencing U.S. Elections and Policy Through Tax-Exempt Organizations

May 13, 2024 Blog

Chairman Smith Opening Statement – Field Hearing on Empowering Native American and Rural Communities – Scottsdale, AZ

May 10, 2024 Blog