The Internal Revenue Service (IRS) has recently informed thousands of taxpayers about a breach involving unauthorized access to their tax returns by former contractor Charles Littlejohn.
Between 2017 and 2021, Littlejohn misappropriated sensitive tax information, including that of former President Donald Trump, and disclosed it to news outlets Pro Publica and The New York Times. Following his actions, Littlejohn was charged and subsequently pleaded guilty to one count of unauthorized disclosure of tax information. He has been sentenced to five years in prison, with his term commencing on May 1, 2024.
Affected taxpayers received initial notifications from the IRS, which explained the breach and directed them to relevant resources for further inquiries. However, many taxpayers expressed concerns due to a lack of clarity concerning what precise data had been compromised and the extent of its dissemination. To address these concerns, the IRS issued a supplementary letter confirming that it remains unaware of the full scope of disclosed information but reassured taxpayers that there is no evidence the information has been used for identity theft or fraud. The IRS also highlighted that all taxpayer data possessed by Littlejohn has been recovered.
In response to this situation, two taxpayers have initiated legal action. Kenneth Griffin has filed a lawsuit against the IRS and the U.S. Department of Treasury, holding them accountable for inadequate safeguarding of tax information. Their case was resolved on June 25, 2024, with the IRS issuing an apology and acknowledging its failure in preventing Littlejohn’s misconduct. The IRS also assured taxpayers that it is committed to evaluating its security systems in collaboration with other governmental oversight bodies.
The second taxpayer, Kelcy Warren, has brought a suit against Booz Allen, Littlejohn’s former employer, citing failure to adequately monitor his activities. While the legal proceedings continue in Warren’s case, the provisions of Section 7431 pose challenges for those seeking compensation, as it allows for only limited damages, making it difficult for affected taxpayers to prove actual damages.
This incident serves as a stark reminder of the importance of data security, particularly in organizations dealing with personal information. The IRS’s efforts to address the breach and its commitment to evaluate and improve its protective measures are steps in the right direction, fostering a renewed focus on taxpayer security.
Hopeful commentary: Moving forward, it is crucial for organizations, especially government agencies, to prioritize stringent data security measures. This situation highlights a significant opportunity for the IRS to enhance its systems and restore trust with affected taxpayers. The response from the IRS demonstrates a commitment to accountability and a proactive approach to preventing future breaches, offering hope for greater accountability and security in the future.