The IRS does not have "adequate controls" to detect or prevent the unauthorized removal of data, a recent report by the Treasury Inspector General for Tax Administration (TIGTA) found.
The TIGTA was responding to a request made in February 2023 by House Ways and Means Committee Chair Jason Smith, R-Mo., to investigate how left-wing ProPublica was able to obtain data on the tax returns of thousands of the nation's wealthiest people, covering more than 15 years. A series of articles followed in June 2021 that targeted numerous taxpayers, including Elon Musk, Jeff Bezos, Warren Buffett, Mark Zuckerberg, and Bill Gates, using the tax information.
The TIGTA's investigation also concerned former IRS contractor Charles Littlejohn, who was sentenced in January to five years in prison after he admitted to stealing tax information, including former President Donald Trump's, and providing it to two media outlets, including, according to Smith, The New York Times and ProPublica, which denied knowing its informant's identity.
In its report released Feb. 6, the TIGTA identified 279 users who were listed in the Business Entitlement Access Request System (BEARS) as separated from the agency but who, as of July 13, 2023, continued to have access to at least one IRS sensitive system. However, for each of those individuals, IRS network access was removed, which according to the IRS, reduces, but does not eliminate, the risk that a user can access a sensitive system.
The TIGTA report said the IRS is evaluating steps to improve its ability to safeguard data on its sensitive systems, including identifying and recording user actions when accessing sensitive data and tracking authorized and unauthorized attempts of removal of sensitive data from its systems.
"However, for some sensitive systems, the IRS does not have adequate controls to detect or prevent the unauthorized removal of data by users," the report stated. "TIGTA has reported that a key deficiency in the IRS's detection and deterrence processes did not ensure that all sensitive systems provide complete, accurate, and usable audit trail logs for monitoring and identifying unauthorized access and for other investigative purposes."
Smith said in a news release Monday the IRS "has absolutely no excuse" for not safeguarding confidential taxpayer information.
"Alarm bells should have set off at the IRS when it was discovered that an IRS contractor stole and leaked thousands of individuals' tax returns, including President Trump's," Smith said. "Instead, it looks like the agency has done very little in response."
The TIGTA made three recommendations for the IRS: ensure that access to sensitive systems is immediately suspended or disabled when a contractor is identified as not having a favorable background determination; ensure that user network access and sensitive system access are timely removed for users who separate from the IRS; and ensure that the 1,566 Criminal Investigation users' network access is updated in BEARS. The TIGTA said the IRS agreed with all three recommendations.
"I think that protecting taxpayer information from unauthorized access is an absolute solemn responsibility of the IRS," IRS Commissioner Daniel Werfel said Monday during a Ways and Means Committee hearing. "I also believe that this individual [Littlejohn] … betrayed his own commitments. He betrayed IRS employees, and he betrayed the American taxpayer. That type of betrayal should not be tolerated."
Michael Katz ✉
Michael Katz is a Newsmax reporter with more than 30 years of experience reporting and editing on news, culture, and politics.
© 2025 Newsmax. All rights reserved.