An Internal Revenue Service employee took home personal information on about 20,000 IRS workers, former workers and contractors, putting the data at risk for public release, the agency said Tuesday.
The employee took home a computer thumb drive containing names, Social Security numbers and addresses of the workers, and plugged the drive into an unsecure home network, IRS Commissioner John Koskinen said in an email to employees.
"At this point, we have no direct evidence to indicate this personal information has been used for identity theft or other inappropriate uses," the IRS said in a statement.
Koskinen said the incident did not involve any taxpayer information. The IRS said the potential breach was an isolated incident.
Almost all the employees worked at IRS offices in Pennsylvania, New Jersey and Delaware. Most no longer work at the IRS. Koskinen said the agency was working to contact each of them, and would offer free identity theft monitoring.
The personal information dated back to at least 2007. The agency's inspector general was investigating the potential breach.
An IRS spokeswoman declined to comment on the status of the employee who took home the data, citing federal privacy laws.
The top Republican tax writer in Congress said the IRS should do a better job protecting confidential information.
"In the past, the IRS has released personal taxpayer information to the public, and has not been able to effectively prevent and detect identity theft," Rep. Dave Camp, R-Mich., chairman of the House Ways and Means Committee, said. "This latest report is concerning. The IRS has repeatedly broken the American people's trust, and the Ways and Means Committee will take a thorough look into this incident."