The Internal Revenue Service (IRS) has issued a statement denouncing the unauthorized disclosure of taxpayer information by a former contractor, Charles Edward Littlejohn. Littlejohn pleaded guilty to leaking thousands of tax returns, including those of high-profile individuals such as Donald Trump, Elon Musk, Jeff Bezos, Warren Buffett, and Michael Bloomberg. He was sentenced to five years in prison for this violation of the tax code. The IRS has begun notifying additional taxpayers impacted by the breach, as required by law, even if their names were not publicly disclosed.
Affected taxpayers have received Letter 6613-A, IRC 7431(e) Notification Letter, informing them of the unauthorized disclosure of their tax return information by an IRS contractor. The letter directs taxpayers to the relevant statute and informs them about the Crime Victims’ Rights Act. The IRS has provided updates on their efforts to address the breach within the constraints of the law. The agency explained the delay in notifying impacted taxpayers, citing the complexity of the data and the need to wait until after Littlejohn’s sentencing to access all relevant information.
The IRS confirmed that the breach occurred between 2018 and 2020 and that the information was leaked to news organizations, including Pro Publica and The New York Times. The agency stated that they do not yet know the full extent of the information unlawfully disclosed by Littlejohn but reassured taxpayers that there is no evidence of the information being used for identity theft or fraudulent purposes. The investigation is ongoing, and the IRS is working to identify and contact any additional impacted taxpayers, including Form K-1 recipients.
In response to the breach, the IRS has implemented new security measures to strengthen their internal systems and protocols. These include tighter user access restrictions, enhanced security controls, more frequent data reviews, improved firewalls, 24/7 monitoring, new analytical tools, reduced use of removable media, stricter email controls, detailed access logs, and enhanced printer controls. These measures are intended to reduce risks for taxpayers and the tax system. The IRS has pledged to provide updates as more information about the breach and any further steps taken becomes available.
