As if identity theft wasn’t problem enough for Americans, now it appears the Internal Revenue Service may be helping the thieves.

A new report from IRS’ Treasury Inspector General for Tax Administration, or TIGTA, found some of the agency’s contract employees had access to taxpayer data despite not having undergone required background checks.

“TIGTA found that taxpayer data and other [Sensitive But Unclassified] information may be at risk due to a lack of background investigation requirements in five contracts for courier, printing, document recovery and sign language interpreter services,” the auditor said.

>>> How the IRS Handled a Case of Identity Theft … in Only 850 Days

In one contract for printing services, the IRS provided the contractor a CD containing 1.4 million taxpayer names, addresses and Social Security numbers. None of the contractor personnel who worked on this contract were subject to a background investigation.

In addition, TIGTA found 12 service contracts for which employee background checks were required by the contract; however, some contractor personnel did not have interim access approval or final background investigations before they began working on the contracts. Further, TIGTA identified 20 contracts for which some contractor personnel did not sign nondisclosure agreements. The IRS subsequently issued more explicit guidance requiring the execution of nondisclosure agreements.

TIGTA recommends the IRS:

  • Ensure service contracts have appropriate security provisions and that appropriate background checks are conducted before they begin work.
  • Provide training for staff on contractor security requirements.
  • Work with the Department of the Treasury Security Office to review the waiver now in place that exempts contracted expert witnesses from background investigations and determine if the waiver is still appropriate in the current security environment.

The IRS signed off on four of TIGTA’s recommendations, but it disagreed with the waiver guidance.