There's a security risk for virtually every business using technology. Not even the IRS is immune. On March 18, the nation's tax-collection agency revealed a serious security breach. According to various published reports, an IRS worker used a thumb drive to take home personal information on approximately 20,000 IRS employees, former employees, and contractors. The data includes names, Social Security numbers, and addresses. If it happened to the IRS, it can happen to you.
IRS officials say they're looking further into the matter but haven't acknowledged any major repercussions as of yet. "At this point, we have no direct evidence to indicate this personal information has been used for identity theft or other inappropriate uses," said IRS Commissioner John Koskinen in a prepared statement, as reported by the Associated Press.
Koskinen was also quick to point out that the theft didn't involve any taxpayer information. The IRS is calling the event an "isolated incident," as reported by Bloomberg, but is still treating it as a top priority. Its investigation will be conducted with assistance from the Treasury Inspector General. In an e-mail sent to employees, the IRS's head honcho wrote, "This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data – whether it involves our fellow employees or taxpayers."
Most of the staffers whose information was exposed worked at IRS offices in Pennsylvania, New Jersey, and Delaware and are no longer employed by the agency. Koskinen said that each one would be personally contacted and offered free ID theft monitoring.
The news about the theft quickly spread through Washington and resulted in more scolding of the national tax-collection agency. The IRS has already been reprimanded this past year for several missteps, including the "Tea Party scandal" involving tax-exempt applications by conservative groups and misuse of taxpayer funds for frivolous purposes.
"In the past, the IRS has released personal taxpayer information to the public, and has not been able to effectively prevent and detect identity theft," said Representative Dave Camp (R-MI), chairman of the House tax-writing committee. "This latest report is concerning. The IRS has repeatedly broken the American people's trust, and the Ways and Means Committee will take a thorough look into this incident."
Lesson to be learned: Don't think this sort of thing can't happen to you. How many workers and others in your office have easy access to sensitive information about clients? What would happen to your livelihood if someone stole this information and used it for illegal means or sold it to other criminals? Take the time to review your IT security to ensure that adequate safeguards are in place.