The IRS failed to do background checks on a number of private contractors who handled taxpayer information, putting over a million taxpayers at increased risk of identity theft and fraud, claims a new report.
One example shows the IRS gave a contracted printer a disc containing tax information and Social Security numbers of 1.4 million taxpayers, even though none of the contractor employees had the required background check. In that case the contractor was the Government Printing Office.
In another case, a courier who spent 21 years in prison after being charged with arson and other charges was allowed to transport sensitive documents.
The investigation reviewed 34 contracts from May 2013, and found five of those contracts did not involve background checks despite handling confidential information that was labeled as "sensitive but unclassified."
"Allowing contractor employees access to taxpayer data without appropriate background investigations exposes taxpayers to increased risk of fraud and identity theft," said J. Russell George, the government investigator who uncovered the data security breach. He is a Treasury inspector general for tax administration.
The IRS normally requires a thorough background check of contractors before they are allowed to handle confidential information such as taxpayers' names, addresses and Social Security numbers. There are around 10,000 private contractors that have access to such information. The report did not say if any of the information had been mishandled.
In addition, 20 contracts were also found by investigators in which personnel had not signed nondisclosure agreements.
The IRS issued $4 billion in fraudulent tax refunds in 2012 to people using stolen identities. In 2012, the IRS also blocked over $12 million in fraudulent refunds, according to an inspector general's report that was released last year.
"We take our responsibility to protect taxpayer information and other sensitive data very seriously, and we expect the same from our contractors," said the IRS in a statement.
"The IRS is committed to ensuring that background investigations are conducted for contractor personnel who have access to Sensitive but Unclassified (SBU) information. We have taken additional steps to ensure all necessary security provisions are in place to safeguard sensitive information."
The contracts uncovered by George and his investigators were for courier services, printing, document recovery and sign language interpretation.
The IRS acknowledged it needs to do more to ensure that everything is done aboveboard and that contractors sign nondisclosure agreements. The IRS rejected a recommendation the agency should require that expert witnesses also undergo background checks.