IRS handed taxpayer information to contractors without background checks

The Internal Revenue Service exposed more than 1 million taxpayers to “increased risk of fraud and identity theft” by giving their private information to contractors without background checks, according to a federal audit.

The Treasury Inspector General for Tax Administration said in a report released Thursday that the IRS handed over a disc containing sensitive data on about 1.4 million taxpayers to a printing firm without any of the company’s employees being subjected to screenings.


(Susan Walsh/AP)

The audit also revealed that the IRS did not ensure timely background checks for 12 other contracts, even though agency staff had determined that investigations were required for the businesses involved.

Additionally, auditors determined that 20 IRS contracts involved non-agency personnel who had not signed nondisclosure agreements, according to the report.

IRS policy requires contractor employees to have background checks if they will have access to “sensitive but unclassified” information, which includes the names, addresses and Social Security numbers that the IRS released to its service providers.

“Allowing contractor personnel access to and custody of sensitive information prior to the appropriate background screening process increases the risk to taxpayer and the IRS of misuse of taxpayer and other sensitive data and possible identity theft,” the report said.

The IRS said it began issuing more-explicit guidance and training over a year ago to ensure that contractor personnel with access to sensitive information submit nondisclosure agreements. The moves were in line with recommendations from the inspector general’s office.

“The IRS is committed to clarifying policies and procedures to ensure appropriate security provisions are included in all appropriate solicitations and contracts,” the agency said in a statement Thursday.

Asked whether the IRS knows of any incidents involving abuse of the sensitive information, the agency noted that the report did not include any findings of inappropriate use.

“Keep in mind, the IRS only provides contractors access to the necessary data needed to complete the contracted work and ensures that data is recovered or destroyed when the work is complete,” the agency said in a statement.

Josh Hicks covers the federal government and anchors the Federal Eye blog. He reported for newspapers in the Detroit and Seattle suburbs before joining the Post as a contributor to Glenn Kessler’s Fact Checker blog in 2011.
Comments
Show Comments
Most Read Politics
Next Story
Josh Hicks · August 14