IRS Employee Took Home Data on 20,000 Workers at Agency

Photographer: Andrew Harrer/Bloomberg

The Internal Revenue Service’s data breach is much narrower in scope than the security incident at Target Corp., where hackers stole credit-card information used by millions of shoppers. Close

The Internal Revenue Service’s data breach is much narrower in scope than the security... Read More

Close
Open
Photographer: Andrew Harrer/Bloomberg

The Internal Revenue Service’s data breach is much narrower in scope than the security incident at Target Corp., where hackers stole credit-card information used by millions of shoppers.

A U.S. Internal Revenue Service employee took home a computer thumb drive containing unencrypted data on 20,000 fellow workers, the agency said in a statement today.

The tax agency’s systems that hold personal data on hundreds of millions of Americans weren’t breached, the statement said.

“This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data –- whether it involves our fellow employees or taxpayers,” IRS Commissioner John Koskinen said in a message to employees. “This was not a problem with our network or systems, but rather an isolated incident.”

The IRS is contacting the current and former employees involved, almost all of whom worked in Pennsylvania, Delaware and New Jersey. The information dates to 2007, before the IRS started using automatic encryption.

IRS officials were told of the breach “a few days ago,” Koskinen’s message said.

The Social Security numbers, names and addresses of employees and contract workers were potentially accessible online because the thumb drive was plugged into the employee’s “unsecure home network,” Koskinen’s message said.

The IRS said it had no knowledge of the information being used to commit identity theft.

Inspector General

The IRS said it’s working with its inspector general to investigate the incident. The IRS statement didn’t say why the incident was discovered now, didn’t include the name of the employee who used the thumb drive and didn’t say whether the employee still works at the IRS.

David Barnes, a spokesman for the inspector general’s office, declined to comment.

House Ways and Means Committee Chairman Dave Camp, a Michigan Republican, said in a statement that the IRS in the past has released taxpayer information to the public and “has not been able to effectively prevent and detect identity theft.” He said the committee will look into the incident.

The IRS’s data breach is much narrower in scope than the security incident at Target Corp. (TGT), where hackers stole credit-card information used by millions of shoppers.

It comes during a trying year for the tax agency, which has been under congressional investigation for its spending at conferences and its scrutiny of small-government groups.

To contact the reporter on this story: Richard Rubin in Washington at rrubin12@bloomberg.net

To contact the editors responsible for this story: Jodi Schneider at jschneider50@bloomberg.net Laurie Asseo

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.