IRS watchdog: Contractors who failed background checks maintained access to sensitive agency systems

FILE - A sign for the Internal Revenue Service building in Washington, on May 4, 2021. The IRS says it expects to collect hundreds of billions of dollars more in overdue and unpaid taxes than previously anticipated using funding provided to the agency by the Democrats' Inflation Reduction Act.(AP Photo/Patrick Semansky, File)

WASHINGTON (AP) — A new IRS inspector general report said the nation's tax collection agency continued to give 19 contractors access to sensitive systems despite having background reports that were returned as “not favorable.”

Despite having the unfavorable rating returned as recently as July 13, 2023, “These contractors still retained their access to one or more sensitive systems because the IRS did not take action to suspend or disable the contractors from the IRS’s systems, as required,” according to a report issued this week by the Treasury Department’s inspector general for tax administration.

IRS Commissioner Daniel Werfel — who took over the agency last April — told The Associated Press that four of the contractors have since been terminated and the others have resubmitted their paperwork and received favorable background checks, adding that “there’s no implicit implication of any kind,” he said, “that these 19 contractors compromised taxpayer information in any way.”

An IRS spokesperson said due to privacy issues they could not provide specific dates for when the issues were flagged, but said they were “promptly resolved” when identified by TIGTA.

The report comes as access to sensitive taxpayer information has sparked calls for investigations — and calls for reform on taxes for the wealthy.

Last week, former IRS contractor Charles Edward Littlejohn of Washington, D.C., was sentenced to five years in prison after pleading guilty to leaking tax information about former President Donald Trump and thousands of the country’s wealthiest people to news outlets.

Littlejohn, 38, gave data to The New York Times and ProPublica between 2018 and 2020 in leaks that appeared to be “unparalleled in the IRS’s history,” prosecutors said.

Littlejohn had applied to work as a contractor to get Trump’s tax returns and carefully figured out how to search and extract tax data to avoid triggering suspicions internally, prosecutors said in court documents.

In February 2023, Rep. Jason Smith, the Republican chairman of the House Ways and Means Committee, sent a letter to TIGTA asking for a review of the leak. Smith’s office did not immediately respond to an Associated Press request for comment on the report.

Werfel is set to testify in front of the House Ways and Means Committee on Feb. 15.

In addition, the inspector general report outlined a slew of insufficiencies in the IRS security, stating that it “has repeatedly reported that a key deficiency in the IRS’s detection and deterrence processes is not ensuring that all sensitive systems are providing complete, accurate, and usable audit trail logs for monitoring and identifying unauthorized access and for other investigative purposes.”

Since 2002, TIGTA has issued seven reports that detail the IRS’s audit trail deficiencies, with the most recent report being issued in October 2023, the report states.

Werfel said that since the agency has received funding through Democrats' Inflation Reduction Act, it has been able to markedly improve the security of sensitive information, including audit trail deficiencies.

“Our data security and environment is dramatically better today than it was in 2017 to 2020 when this unauthorized access occurred," Werfel said. "And it’s dramatically better today because we now have the resources to make the right investments to strengthen our data security. And we have made dramatic changes.”

The report also states there were certain scenarios in which a terminated contractor could still have access, but Werfel said that “once a contractor no longer works for the IRS, they have no access to our network and therefore no access to sensitive data.”

“The fact remains," the report says, “for some sensitive systems, the IRS does not have adequate controls to detect or prevent the unauthorized removal of data by users.”


Associated Press reporter Lindsay Whitehurst contributed to this report.