IRS Privacy Breach, Taxpayer Data Wrongly Shared With DHS—What Thousands of Affected Taxpayers Need to Know 2026

ByAll About Lawyer Reading Time: 6 minutes

The IRS erroneously shared the taxpayer information of thousands of people with the Department of Homeland Security as part of a controversial data-sharing agreement signed in April 2025. According to court filings made public on February 11, 2026, the IRS disclosed additional confidential address information for less than 5% of approximately 47,000 taxpayers whose data was verified through the program.

This breach stems from a data-sharing agreement between Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem that allows Immigration and Customs Enforcement to request taxpayer data for immigration enforcement purposes. A federal court had already blocked the IRS from sharing information with DHS in November 2025, ruling the agency illegally disseminated tax data.

What Happened in the IRS-DHS Data Breach

The revelation stems from a data-sharing agreement signed last April by Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem, which allows U.S. Immigration and Customs Enforcement to submit names and addresses of immigrants inside the U.S. illegally to the IRS for cross-verification against tax records.

According to a declaration filed on February 11, 2026 by IRS Chief Risk and Control Officer Dottie Romo, ICE requested information on 1.28 million individuals. The IRS was only able to verify roughly 47,000 of the 1.28 million names ICE requested.

The problem? For less than 5% of those individuals, the IRS gave ICE additional address information, potentially violating privacy rules created to protect taxpayer data. This improper disclosure went beyond what the agreement permitted, exposing confidential taxpayer information without proper authorization.

The news of the erroneous disclosure was initially reported by The Washington Post. Treasury notified DHS of the error in January 2026 and requested assistance in disposing of any improperly shared data.

Who Is Affected and What Data Was Compromised

Approximately 2,350 taxpayers had their residential address information improperly shared with ICE, based on the “less than 5%” figure applied to the 47,000 verified records. The exposed information includes taxpayer names and residential addresses that were provided beyond what the IRS-DHS agreement authorized.

Unlike major data breaches involving Conduent Data Breach Class Action 2026 10 Feb Update, 25M+ Victims, 10+ Lawsuits Filed—Free Credit Monitoring Deadline March 31 where Social Security numbers and medical records were stolen, this breach involved address information that could be used by immigration enforcement authorities.

The IRS has not publicly confirmed which taxpayers were affected or whether individual notifications have been sent. If you filed taxes and have immigration-related concerns, your information may have been included in ICE’s 1.28 million-name request list.

Legal Implications and Government Response

Public Citizen filed a lawsuit against the Treasury secretary, the Homeland Security secretary and their respective agencies on behalf of several immigrant rights groups shortly after the agreement was signed. The case is currently on appeal in the D.C. Circuit Court of Appeals.

Most recently, a Massachusetts federal court ordered the IRS to stop sharing residential addresses with ICE. Additionally, a federal court blocked the IRS from sharing information with DHS in November 2025, saying the IRS illegally disseminated the tax data.

Rep. Richard Neal, D-Massachusetts, the top Democrat on the tax-writing House Ways and Means Committee, stated the Trump Administration just committed a grave crime against taxpayers, clearly showing why data sharing among agencies is not something to be undertaken lightly.

Privacy advocates warn of broader consequences. Lisa Gilbert, co-president of Public Citizen said that “this breach of confidential information was part of the reason we filed our lawsuit in the first place. Sharing this private taxpayer data creates chaos and, as we’ve seen this past year, if federal agents use this private information to track down individuals, it can endanger lives.”

The IRS has not issued a formal public statement addressing the February 2026 court filing revelations. A spokesperson did not respond to Associated Press requests for comment.

What Affected Taxpayers Can Do Now

If you believe your data may have been improperly shared, take these immediate steps to protect yourself.

Monitor your tax account activity through the IRS website. Create an account at IRS.gov and review any unusual activity or changes to your information. Watch for unexpected IRS notices about income you didn’t report.

Consider identity theft protection measures similar to those recommended for What Does The FBI Do About Identity Theft In 2025? victims. While this breach involves addresses rather than Social Security numbers, it’s still prudent to monitor your credit reports.

Document any harassment or contact from immigration authorities that may be connected to tax information. Keep records of dates, times, and the nature of any enforcement actions.

Current Status and Ongoing Litigation

The Public Citizen lawsuit challenging the IRS-DHS data-sharing agreement remains active and is currently on appeal in the D.C. Circuit Court of Appeals as of February 2026.

Federal courts in Massachusetts and elsewhere have issued preliminary injunctions blocking further address sharing. Romo added that Treasury notified DHS in January of the error and requested DHS’ assistance in “promptly taking steps to remediate the matter consistent with federal law,” which includes “appropriate disposal of any data provided to ICE by IRS based on incomplete or insufficient address information.”

The IRS erroneously shared the taxpayer information of thousands of people with the Department of Homeland Security as part of a controversial data-sharing agreement signed in April 2025. According to court filings made public on February 11, 2026, the IRS disclosed additional confidential address information for less than 5% of approximately 47,000 taxpayers whose data was verified through the program.

No settlement or compensation program has been established for affected taxpayers. The litigation is still in relatively early stages, and any potential remedies would depend on court rulings in the ongoing cases.

Frequently Asked Questions

What is the IRS privacy breach about?

The IRS improperly shared residential address information for approximately 2,350 taxpayers with Immigration and Customs Enforcement beyond what was authorized under their data-sharing agreement. This occurred as part of a controversial program allowing ICE to request taxpayer data for immigration enforcement.

How much taxpayer data was affected?

ICE requested information on 1.28 million individuals, and the IRS verified roughly 47,000 of those names. For less than 5% of the verified individuals, the IRS gave ICE additional address information—affecting approximately 2,350 taxpayers.

Am I affected by this breach?

The IRS has not publicly released a list of affected taxpayers. If you filed taxes and may have been included in ICE’s database queries, your information could potentially have been shared. The IRS has not confirmed whether individual breach notifications were sent.

What types of personal information were compromised?

The improperly shared information included taxpayer names and residential addresses. This is different from typical data breaches like the Signature Performance $8.5M Data Breach Settlement, Claim Up To $5,000 By May 7, 2026 which involved Social Security numbers and medical records.

What is the IRS doing to fix this problem?

Treasury notified DHS in January 2026 of the error and requested assistance in disposing of improperly shared data. Federal courts have ordered the IRS to stop sharing residential addresses with ICE, and multiple injunctions are in place blocking the data-sharing program.

How can I protect myself from identity theft?

Monitor your IRS account for unusual activity, review your tax transcripts regularly, and consider placing fraud alerts on your credit reports. Learn more about protection strategies in How To Tell If Someone Is Using Your SSN?

Can I sue or file a claim for this breach?

Public Citizen’s lawsuit is currently proceeding on behalf of immigrant rights groups. Individual taxpayers may have legal claims depending on how they were harmed by the disclosure. Consult with a privacy attorney to evaluate whether you have grounds for an individual claim.

Where can I get help or report issues?

File a complaint with the Treasury Inspector General for Tax Administration if you believe your taxpayer data was mishandled. You can also contact privacy advocacy organizations like Public Citizen or the Identity Theft Resource Center for guidance on protecting your rights.

Last Updated: February 12, 2026

Disclaimer: This article provides general information about the IRS-DHS data breach and is not legal advice. For specific guidance about your situation, consult a qualified attorney.

If you’re concerned your taxpayer information was improperly shared, monitor your accounts and consider consulting a privacy attorney to understand your rights.

Stay informed, stay protected. — AllAboutLawyer.com

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *