An Internal Revenue Service employee took home personal information on about 20,000 IRS workers, former workers and contractors, putting the data at risk for public release, the agency said Tuesday.
The employee took home a computer thumb drive containing names, Social Security numbers and addresses of the workers, and plugged the drive into an unsecure home network, IRS Commissioner John Koskinen said in an email to employees.
“At this point, we have no direct evidence to indicate this personal information has been used for identity theft or other inappropriate uses,” the IRS said in a statement.
Koskinen said the incident did not involve any taxpayer information. The IRS said the potential breach was an isolated incident.
Almost all the employees worked at IRS offices in Pennsylvania, New Jersey and Delaware. Most no longer work at the IRS. Koskinen said the agency was working to contact each of them, and would offer free identity theft monitoring.
The personal information dated back to at least 2007. The agency’s inspector general was investigating the potential breach.
An IRS spokeswoman declined to comment on the status of the employee who took home the data, citing federal privacy laws.