The personal information – including Social Security numbers – of 20,000 current and former U.S. Internal Revenue Service (IRS) workers may be at risk after an employee took home a thumb drive that contained the unencrypted data and plugged it into an unsecured home network.
How many victims? 20,000.
What type of personal information? Names, addresses and Social Security numbers.
What happened? An employee took home a thumb drive containing the unencrypted personal data and plugged it into an unsecured home network, making it potentially accessible.
What was the response? The IRS is investigating the incident with the inspector general. The IRS began notifying officials of the breach “a few days ago.” All impacted employees are being notified.
Details: Most of the impacted employees worked in Pennsylvania, Delaware and New Jersey. The information dates back to 2007, prior to the IRS implementing automatic encryption. The IRS has no knowledge of the information being used for identity theft.
Quote: “This was not a problem with our network or systems, but rather an isolated incident,” John Koskinen, IRS commissioner, said in a letter to employees.
Source: bloomberg.com, “IRS Employee Took Home Data on 20,000 Workers at Agency,” March 18, 2014.