The Internal Revenue Service (IRS) has informed thousands of taxpayers about unauthorized access and disclosure of their tax return information by former IRS contractor Charles Littlejohn. Littlejohn, who worked with the IRS from 2017 until 2021, illegally accessed sensitive tax information, including that of former President Donald Trump, and shared this information with media outlets such as Pro Publica and The New York Times. He has since faced legal consequences, pleading guilty to a singular count of unauthorized disclosure, resulting in a five-year prison sentence that will commence on May 1, 2024.
In response to the incident, the IRS has proactively reached out to those affected, sending out letters detailing the situation, including the nature of Littlejohn’s charges and the implications under Section 7431 of the Internal Revenue Code, which outlines civil damages for unauthorized disclosures. However, the initial communication left many taxpayers in the dark about the specifics of the stolen information. The IRS later released a supplemental letter clarifying that they are still in the dark regarding the exact scope of the stolen data and affirming that there is currently no evidence of identity theft related to this incident.
Meanwhile, two affected taxpayers have taken legal action. Kenneth Griffin filed a lawsuit against the IRS and the U.S. Department of Treasury, citing negligence in safeguarding taxpayer information. His case concluded on June 25, 2024, with the IRS offering an apology to him and others impacted by the disclosures, recognizing a failure in security measures to prevent Littlejohn’s actions. The IRS pledged to strengthen their systems to avoid such incidents in the future.
On the other hand, Kelcy Warren’s lawsuit targets Booz Allen, which employed Littlejohn at the time. Warren’s complaint claims negligence in failing to adequately oversee Littlejohn’s activities. Although Warren’s case is still ongoing, challenges exist in proving actual damages due to the legal limitations set forth under Section 7431, which caps damages at either $1,000 or actual damages, proving difficult for taxpayers whose information remains undisclosed.
Overall, the IRS’s response and commitment to addressing vulnerabilities in their systems highlight a commitment to improving their security and restoring trust among taxpayers. The legal routes being pursued by the affected individuals may serve to create increased accountability and oversight within both the IRS and contractors operating within the system. This incident, while unfortunate, also presents an opportunity for reform and strengthening of taxpayer protections moving forward.