A U.S. Internal Revenue Service employee took home a computer thumb drive containing unencrypted data on 20,000 fellow workers, the agency said in a statement today.
The tax agency’s systems that hold personal data on hundreds of millions of Americans weren’t breached, the statement said.
“This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data –- whether it involves our fellow employees or taxpayers,” IRS Commissioner John Koskinen said in a message to employees. “This was not a problem with our network or systems, but rather an isolated incident.”
The IRS is contacting the current and former employees involved, almost all of whom worked in Pennsylvania, Delaware and New Jersey. The information dates to 2007, before the IRS started using automatic encryption.
IRS officials were told of the breach “a few days ago,” Koskinen’s message said.
The Social Security numbers, names and addresses of employees and contract workers were potentially accessible online because the thumb drive was plugged into the employee’s “unsecure home network,” Koskinen’s message said.
The IRS said it had no knowledge of the information being used to commit identity theft.
The IRS said it’s working with its inspector general to investigate the incident. The IRS statement didn’t say why the incident was discovered now, didn’t include the name of the employee who used the thumb drive and didn’t say whether the employee still works at the IRS.
David Barnes, a spokesman for the inspector general’s office, declined to comment.
House Ways and Means Committee Chairman Dave Camp, a Michigan Republican, said in a statement that the IRS in the past has released taxpayer information to the public and “has not been able to effectively prevent and detect identity theft.” He said the committee will look into the incident.
The IRS’s data breach is much narrower in scope than the security incident at Target Corp. (TGT:US), where hackers stole credit-card information used by millions of shoppers.
It comes during a trying year for the tax agency, which has been under congressional investigation for its spending at conferences and its scrutiny of small-government groups.
To contact the reporter on this story: Richard Rubin in Washington at email@example.com
To contact the editors responsible for this story: Jodi Schneider at firstname.lastname@example.org Laurie Asseo