An Internal Revenue Service employee took home a computer thumb drive containing unencrypted data on 20,000 fellow workers, the agency said in a statement today.
The tax agency’s systems that hold personal data on hundreds of millions of Americans weren’t breached, the statement said.
“This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data – whether it involves our fellow employees or taxpayers,” IRS Commissioner John Koskinen said in a message to employees. “This was not a problem with our network or systems, but rather an isolated incident.”
The IRS is contacting the current and former employees involved, almost all of whom worked in Pennsylvania, Delaware and New Jersey. The information dates to 2007, before the IRS started using automatic encryption.
The Social Security numbers, names and addresses of employees and contract workers were potentially accessible online, Koskinen’s message said. The IRS said it had no knowledge that the information had been used to commit identity theft.
The agency’s statement said the IRS is working with its inspector general to investigate the incident. The statement didn’t say why the incident was discovered now, didn’t include the name of the employee who used the thumb drive and didn’t say whether the employee still works at the IRS.
© Copyright 2015 Bloomberg News. All rights reserved.