Internal Revenue Service Vendor Cyber Rating & Cyber Score

irs.gov
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Welcome to the Internal Revenue Service’s official LinkedIn account. Here, you will find the latest and greatest news and updates for taxpayers to help them understand and meet their tax responsibilities. Also, this is a place to learn about a meaningful career with the IRS. Check out the tabs above to learn more about us and view job openings. The U.S. government does not promote or endorse any non-government or commercial content appearing on this page. This service is operated by a third party and not an official government website. The IRS strongly discourages you from providing personally identifiable information. Read our privacy policy at www.irs.gov/privacy

Internal Revenue Service A.I CyberSecurity Scoring

IRS

Company Details

Linkedin ID:

irs

Website:

http://www.irs.gov

Employees number:

48,949

Number of followers:

365,225

NAICS:

92

Industry Type:

Government Administration

Homepage:

irs.gov

IP Addresses:

Scan still pending

Company ID:

INT_1279664

Scan Status:

In-progress

AI scoreIRS Risk Score (AI oriented)

Between 650 and 699

https://images.rankiteo.com/companyimages/irs.jpeg
IRS Government Administration
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreIRS Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/irs.jpeg
IRS Government Administration
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Internal Revenue Service

Weak
Current Score
651
B (Weak)
01000
5 incidents
-17.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

APRIL 2026
651
MARCH 2026
649
FEBRUARY 2026
647
JANUARY 2026
645
DECEMBER 2025
642
NOVEMBER 2025
639
OCTOBER 2025
652
Cyber Attack
27 Oct 2025 • Internal Revenue Service (IRS)
Tax Refund Fraud and Monetization of Stolen Personal Information

A cybercriminal exploited stolen taxpayer data to file fraudulent tax returns, targeting refunds under the victim’s identity. While the IRS has robust safeguards to detect such fraud, the breach exposed sensitive personal and financial information—including Social Security numbers, bank details, and tax records. The attackers primarily aimed to monetize the stolen data by opening unauthorized credit cards, selling the information on dark web marketplaces, or directly draining bank accounts via fraudulent transfers. Though the tax refund fraud itself had limited success due to IRS protections, the broader misuse of the compromised data led to financial losses for affected individuals, including unauthorized transactions, credit damage, and potential identity theft. The incident underscored vulnerabilities in third-party systems handling tax-related data, where cybercriminals leveraged phishing or database exploits to harvest credentials. While no large-scale systemic outage occurred, the reputational harm to the IRS and affected taxpayers was significant, eroding trust in digital tax filing security.

635
high -17
IRS2822328102725
Incident Details -
Type
identity theft financial fraud data monetization
Attack Vector
stolen personal information phishing data breach (unspecified)
Motivation
financial gain
Impact
potential unauthorized bank transfers fraudulent tax refunds unauthorized credit card charges personal identifiable information (PII) tax-related data bank account details potential increase due to identity theft or fraudulent activities potential reputational damage to affected individuals or institutions potential liability for financial institutions or tax agencies if negligence is proven Identity Theft Risk: high Payment Information Risk: high
Response
potential involvement of IRS Criminal Investigation (CI) unit FBI for severe cases IRS safeguards to detect fraudulent filings identity verification protocols victim credit monitoring fraud alerts on credit reports IRS Identity Protection PIN (IP PIN) disputing fraudulent transactions filing identity theft affidavits (e.g., IRS Form 14039) IRS public advisories on tax-related identity theft victim notification protocols credit monitoring services for victims IRS fraud detection systems
Data Breach
Social Security numbers (SSN) taxpayer identification numbers bank account details personal identifiable information (PII) Sensitivity Of Data: high likely, if data was stolen from third-party breaches full name address date of birth SSN financial records
Regulatory Compliance
potential violations of IRS data protection policies state-level data breach notification laws if PII is exposed potential lawsuits against entities responsible for data leaks IRS may require notifications for confirmed identity theft cases
Lessons Learned
Tax-related identity theft highlights the need for proactive monitoring of PII beyond tax season. Multi-factor authentication (MFA) and IP PINs can mitigate fraudulent tax filings. Public awareness campaigns are critical to educate taxpayers on recognizing and reporting identity theft.
Recommendations
Enable IRS IP PIN for tax filings to prevent fraudulent returns. Monitor credit reports and bank statements regularly for unauthorized activity. Use identity theft protection services, especially after known data breaches. Report suspected tax fraud to the IRS immediately via Form 14039. Organizations handling PII should implement robust encryption and access controls to prevent data exfiltration.
Customer Advisories
Taxpayers are advised to file taxes early to reduce the window for fraudulent filings.
Stakeholder Advisories
IRS publishes annual warnings about tax-related identity theft during filing season.
Initial Access Broker
phishing attacks data breaches at third-party organizations malware infections taxpayer PII financial account credentials likely, as stolen PII is often traded on dark web marketplaces
Post Incident Analysis
Weak protection of PII by third-party entities (e.g., employers, financial institutions). Lack of public awareness about tax-related identity theft risks. Delayed detection of fraudulent activities due to manual review processes. Strengthen IRS fraud detection algorithms to flag suspicious filings. Mandate IP PIN usage for high-risk taxpayers. Improve collaboration between financial institutions and tax agencies to share threat intelligence.
References
Blog URL Source URL
SEPTEMBER 2025
650
AUGUST 2025
647
JULY 2025
644
JUNE 2025
641
MAY 2025
638
APRIL 2025
719
Breach
01 Apr 2025 • Internal Revenue Service: A privacy breach at the IRS: Taxpayer data wrongly shared with DHS, court filing says
IRS Erroneously Shared Taxpayer Data with DHS in Immigration Enforcement Dispute

**IRS Erroneously Shared Taxpayer Data with DHS in Immigration Enforcement Dispute** A controversial data-sharing agreement between the IRS and the Department of Homeland Security (DHS) has led to the unauthorized disclosure of thousands of taxpayers’ confidential records, according to a recent court filing. The agreement, signed in April 2023 by Treasury Secretary Scott Bessent and DHS Secretary Kristi Noem, authorized U.S. Immigration and Customs Enforcement (ICE) to submit names and addresses of undocumented immigrants to the IRS for cross-verification against tax records ostensibly to aid deportation efforts. However, IRS Chief Risk and Control Officer Dottie Romo revealed in a declaration filed this week that the agency erroneously shared additional taxpayer information with ICE, including residential addresses, for roughly 47,000 of the 1.28 million names requested. The IRS later acknowledged the error in January, notifying DHS and requesting the improperly shared data be disposed of in accordance with federal law. Advocacy groups, including Public Citizen and the Center for Democracy & Technology, argue the breach violates long-standing privacy protections and could endanger individuals if misused by enforcement agencies. The incident has intensified legal challenges to the IRS-DHS agreement. In November 2023, a federal court blocked the IRS from sharing tax data with DHS, ruling that the agency had unlawfully disseminated migrants’ records the previous summer. A Massachusetts federal court later ordered the IRS to halt the sharing of residential addresses with ICE. The dispute stems from a lawsuit filed by immigrant rights groups shortly after the agreement was signed, which alleged the policy undermined taxpayer privacy and legal safeguards. Critics warn the breach could have broader implications, including the potential for malicious targeting of Americans or further erosion of trust in tax confidentiality. The IRS has not publicly commented on the matter, and the extent of ICE’s use of the shared data remains unclear. The case underscores ongoing tensions between immigration enforcement and data privacy protections within federal agencies.

632
critical -87
IRS1770978857
Incident Details -
Type
Data Breach
Vulnerability Exploited
Policy/Procedural Failure
Motivation
Immigration Enforcement
Impact
Data Compromised: Taxpayer records, residential addresses Systems Affected: IRS data-sharing systems Operational Impact: Legal challenges, policy suspension Brand Reputation Impact: Erosion of trust in tax confidentiality Legal Liabilities: Ongoing lawsuits, regulatory violations Identity Theft Risk: High (residential addresses exposed)
Response
Containment Measures: IRS requested improperly shared data be disposed of Remediation Measures: Policy suspension, court-ordered halt to data sharing Communication Strategy: Limited public comment
Data Breach
Type Of Data Compromised: Taxpayer records, residential addresses Number Of Records Exposed: 47,000 Sensitivity Of Data: High (PII, residential addresses) Data Exfiltration: Shared with ICE Personally Identifiable Information: Names, residential addresses
Regulatory Compliance
Taxpayer privacy protections Federal data-sharing laws Legal Actions: Ongoing lawsuits (e.g., immigrant rights groups)
Lessons Learned
Need for stricter controls on government data-sharing agreements; potential risks of exposing sensitive taxpayer information to enforcement agencies.
Recommendations
Review and strengthen IRS-DHS data-sharing policies; implement audit mechanisms for inter-agency data requests; enhance transparency and public accountability.
Investigation Status
['Ongoing (legal challenges, policy review)']
Stakeholder Advisories
Immigrant rights groups, taxpayer advocacy organizations
Post Incident Analysis
Root Causes: Flawed data-sharing agreement; lack of procedural safeguards; miscommunication between IRS and DHS Corrective Actions: Court-ordered suspension of data sharing; policy review; potential legislative reforms
References
Blog URL Source URL
JANUARY 2025
748
Breach
01 Jan 2025 • Experian, Equifax, U.S. Government and Internal Revenue Service: Social Security data breach raises identity theft risk for millions
Unauthorized Social Security Data Access Raises Identity Theft Risks for Millions

**Unauthorized Social Security Data Access Raises Identity Theft Risks for Millions** The Trump administration recently acknowledged in a court filing that U.S. agents accessed and shared sensitive Social Security data without authorization, following whistleblower allegations and a lawsuit claiming the information was misused for political purposes. While the full scope of the exposure remains unclear, cybersecurity and privacy experts warn that the breach underscores a persistent threat: Social Security numbers (SSNs) are among the most valuable tools for identity thieves, enabling fraud that often goes undetected until financial or tax-related damage occurs. Experts emphasize that even limited exposure of SSNs can lead to severe consequences, including fraudulent credit applications, tax refund theft, medical identity theft, and unauthorized account takeovers. Criminals may use stolen data to file bogus insurance claims, manipulate medical records, or open new financial accounts activity that may not appear on traditional credit reports. Former federal prosecutor and privacy advocate Loewry noted that financial crimes rarely originate from credit reports, making proactive monitoring of bank, investment, and retirement accounts critical. To mitigate risks, experts recommend several immediate steps: - **Freezing credit** at all three major bureaus (Equifax, Experian, TransUnion) and the National Consumer Telecom & Utilities Exchange (NCTUE), which is used for telecom and utility approvals. - **Establishing an online Social Security account** to prevent criminals from redirecting benefit payments. - **Obtaining an IRS Identity Protection PIN** to block fraudulent tax filings. - **Enabling two-factor authentication** on financial and online accounts. - **Monitoring the dark web** for signs of exposed personal data, such as SSNs or email addresses. The breach highlights broader vulnerabilities in how SSNs are stored and accessed, with experts advising consumers not to wait for confirmation of exposure before taking protective measures. Given the long-term risks including fraud that may surface years after initial exposure vigilance across all financial and medical accounts is essential.

693
critical -55
EXPEQUUNIIRS1769265453
Incident Details -
Type
Data Breach
Attack Vector
Unauthorized Access
Motivation
Political misuse (alleged)
Impact
Data Compromised: Social Security numbers (SSNs) Brand Reputation Impact: Potential reputational damage to U.S. government agencies Legal Liabilities: Lawsuit and regulatory scrutiny Identity Theft Risk: High (fraudulent credit applications, tax refund theft, medical identity theft, account takeovers)
Response
Freezing credit at major bureaus and NCTUE Establishing online Social Security accounts Obtaining IRS Identity Protection PIN Enabling two-factor authentication Monitoring the dark web for exposed data
Data Breach
Type Of Data Compromised: Social Security numbers (SSNs) Sensitivity Of Data: High (PII) Personally Identifiable Information: SSNs, potential financial and medical data
Regulatory Compliance
Legal Actions: Lawsuit filed
Lessons Learned
SSNs are highly valuable for identity theft, and exposure can lead to long-term fraud risks. Proactive monitoring and protective measures (e.g., credit freezes, IRS PINs) are critical even without confirmed exposure.
Recommendations
Freeze credit at Equifax, Experian, TransUnion, and NCTUE Establish an online Social Security account to prevent benefit redirection Obtain an IRS Identity Protection PIN Enable two-factor authentication on financial and online accounts Monitor the dark web for exposed SSNs or email addresses Vigilantly monitor financial and medical accounts for fraud
Customer Advisories
Consumers advised to take protective measures regardless of confirmed exposure.
Post Incident Analysis
Root Causes: Unauthorized access and sharing of SSNs by U.S. agents (alleged misuse)
References
Blog URL Source URL
JANUARY 2021
742
Breach
01 Jan 2021 • Internal Revenue Service
IRS Data Breach

The hackers targeted the networks of Internal Revenue Services and breached the personal information of about 104,000 taxpayers. The stolen information included personal information like Social Security number, date of birth, address, and tax filing status of several years. IRS warned the taxpayers to be alerted of any suspicious activities.

674
critical -68
INT93916422
Incident Details -
Type
Data Breach
Impact
Social Security number date of birth address tax filing status
Response
IRS warned the taxpayers to be alerted of any suspicious activities
Data Breach
Personal Information Social Security number date of birth address tax filing status
References
Blog URL Source URL
JANUARY 2018
801
Breach
01 Jan 2018 • Booz Allen Hamilton, Internal Revenue Service and U.S. Department of the Treasury: Feds yank contracts with Booz Allen Hamilton after Trump tax leak
Treasury Cancels Booz Allen Hamilton Contracts After Massive Tax Data Leak

**Treasury Cancels Booz Allen Hamilton Contracts After Massive Tax Data Leak** The U.S. Department of the Treasury announced on Monday the termination of all contracts with consulting firm Booz Allen Hamilton following a major breach involving the leak of sensitive tax information. The decision comes after former IRS contractor Charles Edward Littlejohn, who worked for Booz Allen, was sentenced in 2024 to five years in prison for disclosing confidential tax records including those of former President Donald Trump to media outlets. Between 2018 and 2020, Littlejohn provided stolen tax data to *The New York Times* and *ProPublica*, an act prosecutors described as "unparalleled in the IRS's history." The breach exposed records belonging to approximately 406,000 individuals, though the Treasury’s statement did not explicitly mention Trump’s leaked returns. Treasury Secretary Scott Bessent stated that the cancellation was necessary to "increase Americans' trust in government," citing Booz Allen’s failure to implement adequate safeguards for sensitive taxpayer data. The department had 31 active contracts with the firm, totaling $4.8 million in annual spending and $21 million in total obligations. Court documents revealed that Littlejohn intentionally sought the contractor role to access Trump’s tax returns, using his technical skills to extract data without detection. At his sentencing in January 2024, he acknowledged his actions, stating, *"I used my skills to systematically violate the privacy of thousands of people."* Booz Allen Hamilton has not yet commented on the termination.

689
critical -112
BOOIRSUS-1769454012
Incident Details -
Type
Data Breach
Attack Vector
Insider Threat
Vulnerability Exploited
Inadequate safeguards for sensitive data
Motivation
Intentional disclosure to media outlets
Impact
Financial Loss: $21 million (total contract obligations) Data Compromised: Sensitive tax records Systems Affected: IRS tax record systems Operational Impact: Termination of contracts with Booz Allen Hamilton Brand Reputation Impact: Loss of trust in government and contractor Identity Theft Risk: High
Response
Law Enforcement Notified: Yes Containment Measures: Termination of contracts Communication Strategy: Public statement by Treasury Secretary
Data Breach
Type Of Data Compromised: Tax records Number Of Records Exposed: 406,000 Sensitivity Of Data: High (confidential taxpayer information) Data Exfiltration: Yes Personally Identifiable Information: Yes
Regulatory Compliance
Legal Actions: Criminal prosecution of Charles Edward Littlejohn
Lessons Learned
Need for improved safeguards and monitoring of contractors with access to sensitive data
Recommendations
Enhance insider threat detection, implement stricter access controls, and conduct regular audits of contractor activities
Investigation Status
['Completed (sentencing of threat actor)']
Stakeholder Advisories
Public statement by Treasury Secretary Scott Bessent
Initial Access Broker
High Value Targets: Former President Donald Trump's tax returns
Post Incident Analysis
Root Causes: Inadequate safeguards for sensitive data, insider threat exploitation Corrective Actions: Termination of contracts with Booz Allen Hamilton
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Internal Revenue Service is 651, which corresponds to a Weak rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2026 was 649.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 647.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 645.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 642.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 639.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 652.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 650.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 647.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 644.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 641.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 638.

Over the past 12 months, the average per-incident point impact on Internal Revenue Service’s A.I Rankiteo Cyber Score has been -17.0 points.

You can access Internal Revenue Service’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/irs.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Internal Revenue Service’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/irs.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.