The IRS is still putting America’s privacy at risk

Photo by Mike Licht,, CC BY-SA 2.0, via Flickr,

The government isn’t exactly the most trustworthy institution, particularly when it comes to agencies like the Internal Revenue Service.

And while paying federal and state income taxes is bad enough, there are other things the IRS does that make them even more nefarious.

Now a new report just uncovered that the IRS might be putting many Americans’ private information at risk.

A new report uncovers major failures at the IRS

The Treasury Department Inspector General for Tax Administration (TIGTA) released a new report that found the IRS failed to revoke access to sensitive tax systems from contractors who failed background checks and that it does not have protections in place for some of those tax systems that would prevent unauthorized access to or the removal of taxpayer data.

“The fact remains that for some sensitive systems, the IRS does not have adequate controls to detect or prevent the unauthorized removal of data by users,” the report states.

The scathing report comes as ex-IRS contractor Charles Edward Littlejohn was sentenced to five years in prison for leaking tax information to several news organizations about wealthy Americans, including former President Donald Trump.

The information in the report is a serious reminder that the government agency has struggled to fix lax or non-existent security protocols for decades.

TIGTA first warned the IRS that it was doing a poor job of protecting American taxpayer information in 2007 when George W. Bush was President.

Today, the same concerns remain as the new report cites the IRS, yet again, for additional vulnerabilities. 

One of the most glaring concerns is that several contractors who failed background checks as recently as last summer still retained access to sensitive IRS systems.

“Specifically, 19 contractors’ most recent background investigations were not favorable as of July 13, 2023. However, these contractors still retained their access to one or more sensitive systems because the IRS did not take action to suspend or disable the contractors from the IRS systems, as required,” the report continued.

According to TIGTA, approximately 279 contractors and employees who were no longer with the agency still had access to at least one sensitive computer system.

“Actions were not always taken to timely remove users once they separated from the IRS,” the report noted.

It also brought up serious concerns about the IRS’ ability (or lack thereof) to stop more illegal leaks of taxpayer information like the one that Littlejohn recently pleaded guilty to. 

The watchdog reported, “TIGTA has reported that a key deficiency in the IRS’ detection and deterrence processes did not ensure that all sensitive systems provide complete, accurate, and usable audit trail logs for monitoring and identifying unauthorized access and for other investigative purposes.”

Major cracks in the system

The watchdog said another concern was that the IRS struggled to come up with a complete list of sensitive computer systems, and the TIGTA eventually identified 319.

“To perform this evaluation, we requested information from the IRS that identifies all sensitive systems. However, our ability to obtain a complete and reliable inventory of its sensitive systems was an ongoing challenge throughout this evaluation,” it said.

IRS officials claim they are working to implement new efforts to try and fix the issues identified in the report.

IRS Commissioner Daniel Werfel said, “Our data security and environment is dramatically better today than it was in 2017 to 2020 when this unauthorized access occurred. And it’s dramatically better today because we now have the resources to make the right investments to strengthen our data security. And we have made dramatic changes.”

While TIGTA did note that some improvements from the IRS were underway, they were far from complete.

Informed American will keep you up-to-date on any developments to this ongoing story.