An internal federal investigation found that the IRS failed to conduct or to complete IRS background checks on at least 17 contractors who were hired to process sensitive and private taxpayer information. The failure to conduct or complete these background investigations violated IRS procedures, which require IRS background checks whenever contractors have access to what is called SBU — Sensitive But Unclassified — taxpayer information.
The audit of the IRS background checks procedures was conducted by the Treasury Inspector General for Tax Administration, a government watchdog that provides independent oversight of IRS activities. The purpose of the Inspector General’s investigation and report were to find out how effective the IRS had been at ensuring that the required background investigations of contractors were carried out.
The investigation showed that the IRS had failed to ensure that the policies were properly carried out in the identified cases. The Inspector General made several recommendations to the IRS, including that the IRS provide better training to staff on security requirements when dealing with contractors.
The amount of information that may have been comprised due to the IRS’ failure to adequately investigate was huge. It included a CD containing the names, addresses, and social security numbers of 1.4 million taxpayers, which was handed to contractors who had not undergone the required background checks. With that information, someone with the intent to commit identity theft or other crimes could do an enormous amount of damage. Failing to conduct IRS background checks in such a situation violates not only government procedures, but also common sense.
Identity theft is an increasing problem. According to the AP and Yahoo News, the number of criminals who tried to file tax returns using stolen social security numbers in order to claim someone else’s refund has gone up sharply in recent years. A couple of years ago, in fact, the IRS paid out $4 billion in refunds to people who were later found to have fake identities, and it discovered an additional $12 billion in attempted fraud attempts that did not succeed.
Also in recent years, there have been several high-profile incidents involving government contractors who misused the information they had been given while performing the contracted work. This underscores the need for a consistently applied policy of background checks for all workers who will be handling sensitive data.