Thousands of IRS employees had their personal information put at risk when an agency staffer brought home an unencrypted thumb drive, the agency said in a statement on Tuesday.
In its statement, the IRS stressed that the issue dates back to at least 2007, and does not involve taxpayer information or records.
The agency added that there’s no evidence any of the employee information was used for identity theft. It also “strongly believes” that a similar situation could not happen today because of strengthened encryption policies the IRS started implementing in 2008.
Still, John Koskinen, the IRS commissioner, told employees in an agency-wide message that “this incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data — whether it involves our fellow employees or taxpayers.”
“I want you to know that we take the privacy and security of our employees very seriously,” Koskinen said.
The commissioner added that IRS had been informed of the issue a few days ago, and has been working with Treasury’s inspector general for tax administration to investigate the matter. Koskinen did not mention the staffer who brought the thumb drive home by name, nor did the IRS statement.
But Koskinen did say that most of the employees whose information was involved no longer work for the IRS. The vast majority of them worked in Delaware, New Jersey or Pennsylvania.
The IRS will provide a free year of identity theft monitoring for affected employees.
The Securities and Exchange Commission told staffers last year that some employees might have also seen their personal information exposed because of a thumb drive. The SEC said that a staffer accidentally transferred sensitive information to the systems of a separate agency.
The latest admission from the IRS piqued the interest of top GOP lawmakers, who are still investigating the improper scrutiny the agency gave to groups seeking tax-exempt status.
"In the past, the IRS has released personal taxpayer information to the public, and has not been able to effectively prevent and detect identity theft," House Ways and Means Chairman Dave Camp (R-Mich.) said in a statement.
"This latest report is concerning. The IRS has repeatedly broken the American people’s trust, and the Ways and Means Committee will take a thorough look into this incident."
This story was updated at 5:23 p.m.