Listen to the article
The IRS inadvertently disclosed thousands of taxpayers’ private information to the Department of Homeland Security as part of a controversial data-sharing agreement aimed at identifying and deporting undocumented immigrants, according to a new court filing.
The disclosure was revealed in a declaration filed Wednesday by IRS Chief Risk and Control Officer Dottie Romo, who stated that the tax agency was only able to verify about 47,000 of the 1.28 million names that U.S. Immigration and Customs Enforcement (ICE) had submitted for cross-verification. For less than 5% of those individuals—amounting to potentially thousands of people—the IRS improperly provided ICE with additional address information that may have violated federal privacy protections for taxpayer data.
The data-sharing arrangement stems from an agreement signed last April by Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem. The agreement allowed ICE to submit names and addresses of suspected undocumented immigrants to the IRS for verification against tax records.
According to Romo’s filing, Treasury notified DHS in January about the error and requested assistance in “promptly taking steps to remediate the matter consistent with federal law.” This includes the “appropriate disposal of any data provided to ICE by IRS based on incomplete or insufficient address information.”
The revelation has intensified concerns among privacy and immigrant rights advocates who have been fighting the agreement since its inception. Public Citizen filed a lawsuit against both federal departments shortly after the agreement was signed last year, representing several immigrant rights organizations.
“This breach of confidential information was part of the reason we filed our lawsuit in the first place,” said Lisa Gilbert, co-president of Public Citizen. “Sharing this private taxpayer data creates chaos and, as we’ve seen this past year, if federal agents use this private information to track down individuals, it can endanger lives.”
Legal challenges to the data-sharing agreement have already yielded some results. Last November, a federal court blocked the IRS from sharing information with DHS, ruling that the tax agency had illegally disseminated tax data of some migrants during the summer. More recently, a Massachusetts federal court specifically ordered the IRS to stop sharing residential addresses with ICE.
The information-sharing agreement has been particularly controversial because it appears to conflict with longstanding legal protections for taxpayer information. Tax privacy laws were designed to encourage compliance with tax obligations regardless of immigration status, with strict limitations on how the IRS can share taxpayer data with other government agencies.
Tom Bowman, policy counsel for the Center for Democracy & Technology, emphasized the significance of the breach, stating that “the improper sharing of taxpayer data is unsafe, unlawful, and subject to serious criminal penalties.”
“Once taxpayer data is opened to immigration enforcement, mistakes are inevitable and the consequences fall on innocent people,” Bowman added. “The disclosure of thousands of confidential records unfortunately shows precisely why strict legal firewalls exist and have—until now—been treated as an important guardrail.”
The scale of the error is substantial within the context of the program. While ICE submitted 1.28 million names for verification, the IRS was only able to confirm matches for about 47,000 individuals—less than 4% of those submitted. This suggests significant challenges in the data matching process itself, raising further questions about the program’s efficacy and precision.
The IRS did not respond to requests for comment from the Associated Press, which initially reported on the court filing after The Washington Post broke the story.
The incident highlights the ongoing tension between immigration enforcement priorities and taxpayer privacy protections, a balance that courts are actively examining as litigation surrounding the data-sharing agreement continues.
Fact Checker
Verify the accuracy of this article using The Disinformation Commission analysis and real-time sources.
14 Comments
This incident raises serious concerns about the IRS’s data security practices. Taxpayers must be able to trust that their sensitive information is being properly safeguarded.
Absolutely, the IRS needs to thoroughly investigate this breach and take corrective actions to ensure similar incidents do not occur in the future.
This is a concerning development that underscores the importance of robust data security protocols at government agencies like the IRS. Taxpayer privacy must be a top priority.
This is a concerning privacy breach at the IRS. Taxpayer data should be closely guarded and not shared without proper authorization and consent. I hope the IRS takes swift action to rectify this issue and strengthen data security protocols.
Agreed, the IRS needs to be more diligent in protecting taxpayer information. This type of data sharing without proper verification poses serious risks to individual privacy.
Disclosing taxpayer information to DHS without proper protocols is very troubling. The IRS should be held accountable for this breach and must take immediate steps to prevent such lapses in the future.
Exactly, the IRS has a fiduciary duty to safeguard taxpayer data. This incident requires a thorough investigation and robust remedies to restore public trust.
I’m curious to learn more about the specific circumstances that led to this privacy breach at the IRS. Proper data handling protocols are essential for maintaining public trust in government institutions.
The IRS needs to be more transparent about this privacy breach and the steps it is taking to address the issue. Maintaining public trust in government institutions is critical.
Agreed, the IRS should provide clear and timely updates on this incident and the measures being implemented to prevent future data leaks.
While the IRS-DHS data sharing agreement may have good intentions, this privacy breach undermines that purpose. Taxpayers deserve robust protections for their sensitive financial information.
While the IRS-DHS data sharing agreement may have had valid intentions, this privacy breach is unacceptable. Taxpayers deserve the highest levels of data protection from the IRS.
This is an unacceptable violation of taxpayer privacy. The IRS must take immediate steps to correct this issue and strengthen data security protocols to prevent future breaches.
Agreed, the IRS should be held accountable for this lapse in data protection. Taxpayers deserve the highest standards of confidentiality from government agencies.