The security risks associated with giving out one’s social security number are well-known among Americans, and most believe that institutions like the Internal Revenue Service (IRS) take all necessary precautions to protect this information. However, Charles Littlejohn, the man who leaked former President Donald Trump’s tax returns to the media, warned that it was relatively easy for him to access the tax records of all Americans in his role as a contractor for the IRS.
Littlejohn, a 38-year-old contractor, pleaded guilty to one count of unauthorized disclosures of income tax returns in October and admitted to stealing not only Trump’s returns but also the tax data of “thousands of the nation’s wealthiest people.” He was also behind the leaks of tax records from Jeff Bezos and Elon Musk to ProPublica. He was sentenced to five years behind bars.
While working for Booz Allen Hamilton, a consulting firm that contracted with the IRS, Littlejohn had an IRS-issued laptop and email address. He boasted of being able to retrieve the tax returns of every American with ease. In his deposition, he admitted taking the tax records of 7,500 affluent individuals, stating “I was able to access tax returns at will.” The Department of Justice told the judge in the case that Littlejohn took the job specifically to gain access to Trump’s tax returns. He leaked the tax returns to two media outlets and then took steps to cover his tracks, but he was eventually caught.
The IRS sent notification letters to Littlejohn’s victims informing them of the unauthorized access. The notices were sent to thousands of businesses and individuals letting them know what he did and what their rights are as victims.
Littlejohn claimed that he “acted out of a sincere but misguided belief that I was serving the public” and said he wanted the public to know just how easily wealthy people can avoid taxes. However, prosecutors argued that he exploited loopholes in the system to obtain the records undetected, including downloading the data to an iPod and then uploading it to a private website.
Judge Ana Reyes called his actions “a threat to our democracy,” stating: “What you did in attacking the sitting president of the United States was an attack on our constitutional democracy. We’re talking about someone who … pulled off the biggest heist in IRS history.
The U.S. Government Accountability Office has identified weaknesses in the information security controls used by the IRS that pose a risk to taxpayer information, particularly when it comes to contractors. Since 2010, they have made 451 recommendations for strengthening safeguards for taxpayers’ information, and many of them have yet to be implemented, including some considered high priority. The office also cited unauthorized access and disclosure by employees of the IRS and cyber threats as two major threats to taxpayer data security.
While the Trump leak was highly publicized, and an investigation went to great lengths to uncover the perpetrator, it is concerning to consider how many other government contractors and agency workers have access to the tax records of ordinary Americans and could be accessing them every day without us knowing.