Background on the Littlejohn disclosures
Internal Revenue Service (IRS) contractor Charles Littlejohn pleaded guilty to unauthorized disclosure of tax return information and was sentenced to five years in federal prison for leaking protected taxpayer information. Littlejohn illegally obtained tax return information belonging to some of America’s wealthiest individuals, and disclosed the information to ProPublica, who published articles with such information.
One of the taxpayers affected by the disclosure, Citadel founder Ken Griffin, filed a lawsuit against the IRS, and a settlement of the case was announced on June 24, 2024. In light of the unauthorized disclosure and Ken Griffin’s suit against the IRS, the IRS has sent letters to affected individuals and issued a public apology on June 25, 2024. The letters acknowledge the disclosure and provide notification of the individual’s right to file a lawsuit against the government under IRC Section 7431.
Taxpayer information is protected under federal law, and IRS employees and contractors can be subject to criminal and civil penalties if they disclose taxpayer information to the public or parties who aren’t authorized by law to have access to it.
Following the breach, the IRS sent correspondence to affected taxpayers referencing their rights to bring an action under IRC Section 7431. Mr. Griffin filed a lawsuit under Section 7431 seeking money damages (including punitive damages), litigation costs, and equitable relief. After 18 months of litigation, media reports indicate that the government and Mr. Griffin reached a settlement, including an apology. The government defended the case, in part, on the basis that Littlejohn was a contractor — not an officer or employee — and therefore, the government wasn’t liable for his actions under Section 7431 (notwithstanding the information the IRS included on the notices they sent to affected taxpayers). The government in litigation suggested that Mr. Griffin should have sued Littlejohn seeking money damages instead of suing the IRS. Affected individuals should consult with their own attorneys for legal advice in this matter.
What should individuals affected by the Littlejohn disclosures do?
Security breaches have become a common fact of life in our modern digital age, and many taxpayers have received notices of unauthorized disclosure or theft of their protected information from credit bureaus, financial institutions, utility companies, and other entities that have access to their protected information. Individuals concerned about data privacy should take appropriate data privacy and security measures, including:
- Obtaining an IRS IP PIN (Identity Protection Personal Identification Number) at “Get An Identity Protection PIN | Internal Revenue Service” to provide greater security in filing future tax returns.
- Freezing their credit bureau files at experian.com, transunion.com, and equifax.com to prevent others from fraudulently opening credit accounts.
- Physically protecting documents that contain personal information and shredding them once the documents are no longer necessary.
- Using multifactor authentication and hard-to-guess passwords to prevent unauthorized digital access.
- Refusing to give personal information over the phone to suspicious persons.
These measures are just part of an overall plan to protect one’s private information. For individuals whose information has been compromised, the federal government offers additional resources at identitytheft.gov.
Taxpayers subject to U.S. tax must file any returns they are obligated to file under the U.S. Tax Code, even if they’re concerned about the security of their information. If taxpayers fail to file required tax returns due to concerns about information security, they can be subject to civil and/or criminal penalties. However, taking the steps outlined above can help reduce taxpayer’s risk of exposure or identity theft.