U.S. Treasury Cancels Booz Allen Hamilton Contracts, Former Contractor Pleads Guilty to Taxpayer Data Breach
Published
Key Takeaways
- Contract Termination: The U.S. Treasury canceled all 31 active contracts with Booz Allen Hamilton, due to failures to protect data.
- Insider Data Access: A former Booz Allen contractor leaked IRS tax information affecting nearly 406,000 taxpayers.
- Government Response: Treasury said the decision aims to restore public trust and strengthen controls on federal contractors handling confidential data.
The U.S. Department of the Treasury has cancelled its contract with Booz Allen Hamilton, a consulting firm serving multiple U.S. federal agencies offering technology, and analytics services besides cybersecurity solutions to the U.S. Securities and Exchange Commission.
The Treasury in a written statement said that Booz Allen did not implement adequate security measures to safeguard taxpayer data per its contracts with the Internal Revenue Service (IRS).
Treasury Cites Data Protection Failures and Links Decision to Restoring Public Trust
An employee of Booz Allen Hamilton stole and released tax return data of nearly 406,000 individuals. Former contractor Charles Edward LittljJohn pleaded guilty to felony charges for his actions between 2018 and 2020 after accessing IRS data without authorization.
In a press release published on January 26, 2026, U.S., Treasury Secretary Scott Bessent announced the cancellation of all 31 contracts with the firm which totals $4.8M in spending annually besides $2.1M total in obligations.
While citing President Donald Trump’s focus on reducing waste, fraud, and abuse, Secretary Bessent said Booz Allen failed to implement adequate safeguards, which contributed to the compromise of taxpayer data it had access to through its contracts with the IRS.
The move was a part of steps that were necessary to restore and increase people’s trust in the U.S. government.
Further Misuse of Data
Tax data in the hands of adversaries could allow identity theft, false filings, and impersonation for further misuse of sensitive data. It could also be leveraged for social engineering, and long-term abuse of data through resale with other compromised information by cybercrime vendors on the dark web, which may remain circulated for years.
Moreover, affected individuals may be lured with phishing emails, increasing the risk of repeat exploitation, and unauthorized access to government and/or financial services.
It is essential to monitor tax records and financial statements regularly and report any unauthorized activity to relevant financial institutions. Filing fraud alerts and placing credit freezes should also be considered while ensuring multi-factor authentication is enabled across all accounts for added security.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular