“To begin with, it should be stressed that this incident was unacceptable. Any improper access or disclosure of confidential taxpayer information is unacceptable, and it is completely at odds with the IRS’s values and the agency’s commitment to taxpayers.”

That’s the message to taxpayers from the IRS concerning the unauthorized disclosure of tax return information by an IRS contractor. The contractor, Charles Edward Littlejohn, pleaded guilty to unauthorized disclosure of tax return and return information—a violation of section 7213(a)(1) of the tax code, the most serious offense for leaking tax information. In January of 2024, Littlejohn was sentenced to five years in prison for disclosing thousands of tax returns—including Donald Trump’s tax returns—without authorization.

Data Breach

Earlier this month, the IRS began notifying more taxpayers impacted by the Littlejohn data breach. Former IRS contractor Charles Littlejohn illegally accessed and distributed to certain news organizations the private tax information of corporate and wealthy individual taxpayers, including former President Donald Trump and fellow billionaires Elon Musk, Jeff Bezos, Warren Buffett and Michael Bloomberg. The IRS is required, by law, to give notice to any other victims of the breach it can identify, even if their names were never published.

That notice landed in mailboxes as Letter 6613-A, IRC 7431(e) Notification Letter. In this case, Letter 6613-A indicates that an IRS contractor has been charged with the unauthorized disclosure or inspection of the taxpayer’s tax return or return information. The letter says that an IRS independent contractor—not named in the letter but clearly referencing Littlejohn—was charged with the unauthorized disclosure of the taxpayer’s information between 2018 and 2020.

The letter then directed taxpayers to the statute, enclosed with the letter, and advised taxpayers about the Crime Victims’ Rights Act (CVRA). You can find out more about the CVRA here.

IRS Updates

The IRS has subsequently offered an update on the IRS efforts “within the confines of the law.”

Notably, the IRS answered one of the questions that taxpayers had about the timing of the notice: Why now? The IRS says, “In deference to these criminal proceedings, it was only after Mr. Littlejohn was sentenced, in February 2024, that the IRS was able to access information regarding all affected taxpayers. The data set that the IRS received at that point is voluminous and complex, and the IRS has been working with TIGTA to process and analyze this data, including to more fully understand what information, pertaining to what taxpayers, was unlawfully disclosed by Mr. Littlejohn.”

The IRS reinforced several pieces of previously reported information, including that this incident occurred several years ago—between 2018 and 2020—and that the information was subsequently unlawfully disclosed to two news organizations (later identified in court documents as Pro Publica and The New York Times
NYT
).

The IRS further noted that the agency does not know “at least not at this point – the full scope of the specific information that Mr. Littlejohn unlawfully disclosed.” However, the IRS states, “a broad set of taxpayer information is maintained in this database.”

The IRS has not, they claim, seen any indication that any information was disclosed beyond those news organizations or that the news organizations disclosed the information to anyone else beyond what was publicly reported. Notably, the IRS says there is no indication so far that taxpayer information was used in any way for identity theft or any related type of fraud (Littlejohn confirmed in court documents that his motivations were related to his sense of fairness and not for financial gain).

The investigation is ongoing, and the IRS says they are continuing to contact any additional impacted taxpayers that they can identify, including Form K-1 recipients who may have had their information disclosed. The IRS also says that it “has in place screening and review procedures to identify and address potential identity theft and/or tax refund fraud.” The agency encourages taxpayers and their tax professionals to review the resources regarding identity theft referenced in the prior letter and to check IRS transcripts to ensure that taxpayer accounts do not reflect any unusual activity.

New Protections

Since the breach, the IRS says it has taken additional steps to bolster its internal systems, protocols, and procedures. Those include:

  • Further restricting user access.
  • More robust protective security controls.
  • More frequent data reviews.
  • Improved firewalls.
  • Stronger 24/7 monitoring.
  • New analytical tools.
  • Less removable media.
  • Tighter email controls.
  • Collection and retention of detailed access logs.
  • New printer controls.

These actions, the IRS says, “have sharply reduced risks for taxpayers and the tax system.”

The IRS says that it will provide updates as additional information about the breach—and any next steps—as it becomes available.

Read the full article here

Subscribe to our newsletter to get the latest updates directly to your inbox

Please enable JavaScript in your browser to complete this form.
Multiple Choice
Share.
2024 © Budget Busters Hub. All Rights Reserved.