Bloomberg reports approximately 20,000 U.S. Internal Revenue Service (IRS) employees' personal information may have been exposed when an employee took the data home on an unencrypted USB drive, then plugged that USB drive into an Internet-connected and unsecured home computer (h/t ESET).
The names, Social Security numbers and home addresses of 20,000 current and former IRS employees who worked in Pennsylvania, New Jersey and Delaware may have been exposed.
According to the IRS, this happened a while ago -- the incident dates back to 2007 or earlier -- and there's no indication at this point that the information was used inappropriately.
"The IRS strongly believes this situation could not occur in today’s environment, because starting in 2008 we added automatic encryption for any external portable devices attached to our systems," the IRS said in a statement.
All affected employees are being notified.
"This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data -- whether it involves our fellow employees or taxpayers," IRS commissioner John Koskinen wrote in a message to employees.
Photo courtesy of Shutterstock.