The geniuses at the Internal Revenue Service gave sensitive data on over a million taxpayers to a printing contractor wiout checking the bona fides of any of the contractor's employees, says the Treasury Inspector General for Tax Administration. The news comes from a report dated last month but just released to the public. This and several similar screw-ups "exposes taxpayers to increased risk of fraud and identity theft."
The report reveals a number of interesting tidbits, such as the fact that, in adddition to IRS personnel, 14,000 contractors have "staff-like" access to Sensitive But Unclassified (SBU) information. Such protected data includes "any information under the IRS's authority that the loss, misuse, unauthorized access, or modification of could adversely affect the national interest, the conduct of IRS programs, or the privacy to which individuals are entitled under law." To gain that access, contractors have to submit to background checks.
One wonders how 14,000 contractors, plus actual IRS employees, can be expected to keep that stuff close to their vests, but the point is moot, since the IRS didn't follow its own rules, anyway. The tax collection agency failed to perform background checks when handing out five reviewed contracts for courier, printing, document recovery, and sign language interpreter services. The report also found a dozen other contracts where the IRS planned to perform background checks, but didn't get to all of the people on the job.
One contract was awarded to print and mail IRS tax forms during which the IRS provided the contractor a compact disk containing 1.4 million taxpayers' names, addresses, and Social Security Numbers. The IRS used a Government Printing Office contract to fulfill this requirement; however, the IRS had not provided the Government Printing Office with the appropriate security provisions for inclusion in the related solicitation and contract as required.
None of the contractor personnel who worked on this contract underwent a background investigation.
The report concludes that "Allowing contractor personnel access to and custody of sensitive information prior to the appropriate background screening process increases the risk to taxpayers and the IRS of misuse of taxpayer and other sensitive data and possible identity theft."
This is true, but it's worth pointing out that the IRS is currently embroiled in a scandal over the deliberate misuse of tax data and its power over tax rules. Adding carelessness on top of that, along with permitted access to sensitive data by tens of thousands of government employees and temps, is just gravy.
It's obvious that letting the IRS compel the public to disclose abusable information is a really bad idea in itself.