The IRS has issued a stern warning to taxpayers regarding the unauthorized disclosure of tax return information by a contractor, Charles Edward Littlejohn. Littlejohn was sentenced to five years in prison for leaking thousands of tax returns, including those of prominent figures like Donald Trump, Elon Musk, Jeff Bezos, Warren Buffett, and Michael Bloomberg. The IRS has begun notifying more impacted taxpayers, as required by law, through a Notification Letter that informs them of the breach and their rights under the Crime Victims’ Rights Act.
The IRS has provided an update on their efforts to address the breach, stating that they were only able to access information on affected taxpayers after Littlejohn was sentenced in February 2024. They are working with TIGTA to analyze the complex data set received and understand the extent of the unauthorized disclosure. The agency confirmed that the incident took place between 2018 and 2020, with information being leaked to news organizations including Pro Publica and The New York Times, but there is no evidence of the information being used for identity theft or fraud.
The IRS is continuing its investigation to identify and contact any additional impacted taxpayers, including Form K-1 recipients whose information may have been disclosed. They have implemented new security measures to prevent future breaches, such as restricting user access, enhancing security controls, conducting more frequent data reviews, and strengthening monitoring and analytical tools. The agency assures taxpayers that these actions have significantly reduced risks for them and the tax system, and they will provide updates as more information becomes available.
The IRS has emphasized that any unauthorized disclosure of taxpayer information is unacceptable and goes against its values and commitment to taxpayers. Littlejohn’s actions violated section 7213(a)(1) of the tax code, which is the most serious offense for leaking tax information. The agency is taking steps to address the breach, including notifying affected taxpayers through a Notification Letter and offering resources on identity theft prevention. They are also working to understand the full scope of the unauthorized disclosure and ensure that taxpayer accounts are not compromised.
The IRS has provided taxpayers with an update on their efforts to address the breach, including clarifying the timing of the notices and the steps taken to analyze the data received. They have not found any evidence that the leaked information was used for identity theft or fraud beyond the news organizations to which it was disclosed. The agency is actively contacting additional impacted taxpayers and has implemented new security measures to prevent future breaches, ensuring the safety of taxpayer information and the tax system as a whole.
In response to the breach, the IRS has implemented new protections, such as restricting user access, enhancing security controls, and improving monitoring and analytical tools. They have also increased data reviews, strengthened firewalls, and implemented tighter email controls to prevent future unauthorized disclosures. The agency reassures taxpayers that these measures have significantly reduced risks for them and the tax system, and they will continue to provide updates as more information about the breach and any next steps becomes available.
