Personal data for around 20,000 workers for the U.S. Internal Revenue Service (IRS), including names, social security numbers and addresses may have been exposed on the internet, after an employee plugged a thumb drive into a computer on an unsecured home network.
The breach affects 20,000 employees and ex-employees who worked in Pennsylvania, New Jersey and Delaware, the IRS said in a statement. No details about taxpayers, or tax records, were leaked in the breach, according to NBC’s report.
The commissioner of the IRS, John Koskinen, said that an unencrypted thumb drive had been plugged into an unsecured home network, meaning that the information had been potentially available to third parties online, according to news agency Reuters.
Koskinen said that, “At this point we have no direct evidence to indicate that this personal information has been used for identity theft or other inappropriate uses.” Many of the employees affected by the breach no longer work for the IRS, Koskinen said, and the agency would reach out to ex-employees to offer free identity theft monitoring, according to NBC’s report. .
Koskinen said that the drive contained, “sensitive personnel information, including names, Social Security numbers and addresses, of some employees, former employees and contracted employees.”
ABC News reported that Republican Dave Camp, chairman of the House Ways and Means Committee, said, “In the past, the IRS has released personal taxpayer information to the public, and has not been able to effectively prevent and detect identity theft. This latest report is concerning. The IRS has repeatedly broken the American people’s trust, and the Ways and Means Committee will take a thorough look into this incident.”
Author Rob Waugh, We Live Security