WASHINGTON, March 18 The personal data of about
20,000 U.S. Internal Revenue Service employees going back to
2007 or earlier may have been exposed on the Internet, but no
general taxpayer information or records were part of the
security breach, the agency said on Tuesday.
IRS Commissioner John Koskinen said in a statement that an
unencrypted thumb drive containing the information was plugged
into an employee's unsecured home network, making the
information potentially accessible to third parties online.
He said the drive contained "sensitive personnel
information, including names, Social Security numbers and
addresses, of some employees, former employees and contracted
Koskinen said: "At this point, we have no direct evidence to
indicate this personal information has been used for identity
theft or other inappropriate uses."
The 20,000 employees worked in Pennsylvania, New Jersey and
Delaware, the IRS said.
Representative Dave Camp, the Republican who chairs a
congressional panel that oversees the IRS, said: "The IRS has
repeatedly broken the American people's trust, and the Ways and
Means Committee will take a thorough look into this incident."
(Reporting by Patrick Temple-West; Editing by Kevin Drawbaugh
and Amanda Kwan)