A Bipartisan Crisis That Transcends Politics

By Jessica I. Marschall, CPA, ISA AM, President MAS LLC, The Green Mission Inc., GM-ESG, and Probity Appraisal Group

February 12, 2026

Every April, more than 150 million Americans perform an extraordinary act of trust. They hand over to the federal government their full legal names, dates of birth, Social Security numbers, the names and Social Security numbers of their children, their wages, their investment gains and losses, their bank account and routing numbers, their home addresses, and intimate details of their financial lives. They do so not because they want to, but because the law requires it; and because they were promised, in law and in principle, that this information would be held confidential.

That promise is now being broken. And in any normal news cycle, this would be the dominant story in America.

This is not a partisan issue. It is not a left-versus-right argument. This is about the foundational compact between a government and its people: If you share your most sensitive personal data with us, we will use it only for the lawful collection of taxes. That promise, which is codified in federal law for nearly fifty years, is the bedrock upon which the American tax system stands. Without it, voluntary compliance collapses. And without voluntary compliance, the entire system fails.

The History: How America Built Its Tax System on Trust

From Tariffs to Income Tax: The 16th Amendment

For the first 124 years of the Republic, the federal government funded itself primarily through tariffs on imported goods and excise taxes on commodities like whiskey and tobacco. These taxes fell disproportionately on working Americans who spent a higher share of their income on goods. The concept of a federal income tax was radical, and was deeply controversial.

Congress first enacted an income tax during the Civil War through the Revenue Act of 1861, imposing a flat three percent tax on incomes above $800 to fund the Union war effort. The tax was graduated in 1862 and ultimately repealed in 1872. When Congress attempted to reimpose an income tax in 1894, the Supreme Court struck it down in Pollock v. Farmers’ Loan & Trust Co., ruling it an unconstitutional direct tax.

The movement for a permanent income tax grew throughout the Progressive Era. On February 3, 1913, the 16th Amendment to the Constitution was ratified, granting Congress the power “to lay and collect taxes on incomes, from whatever source derived.” The Revenue Act of 1913, signed by President Woodrow Wilson, established a one percent tax on incomes above $3,000, which affected approximately three percent of the population. The first Form 1040 appeared in 1914. It was three pages long.

The modern IRS took shape through President Truman’s 1952 reorganization, which replaced the patronage system with a career civil service, and President Eisenhower’s 1953 renaming of the Bureau of Internal Revenue to the Internal Revenue Service. The IRS Restructuring and Reform Act of 1998 further modernized the agency and established the Taxpayer Advocate Service.

From the beginning, one principle was implicit in this system: the information taxpayers provided would be used for tax administration and nothing else. But it took the scandals of the 1970s to make that principle explicit in law.

The Promise Made Law: IRC Section 6103

During the Watergate investigations, Congress discovered that President Richard Nixon had attempted to weaponize the IRS against his political enemies—seeking to access their tax returns, direct audits against them, and use their confidential financial information as a tool of political intimidation. The revelation horrified lawmakers on both sides of the aisle.

In 1976, Congress responded with the Tax Reform Act, which included a comprehensive overhaul of Section 6103 of the Internal Revenue Code. Passed with overwhelming bipartisan support, the modernized Section 6103 established the foundational rule that tax returns and return information “shall be confidential” and that no officer or employee of the federal government may disclose them for unauthorized purposes without the taxpayer’s consent.

The scope of what Section 6103 protects is deliberately broad. “Return information” encompasses not just the tax return itself, but any information received by, recorded by, prepared by, furnished to, or collected by the IRS with respect to a return. This includes a taxpayer’s name, address, Social Security number, income, deductions, credits, and any other data submitted to the government in the course of tax compliance.

Violations carry real consequences. Under IRC Section 7213, the willful unauthorized disclosure of tax return information is a felony punishable by up to five years in prison and a $5,000 fine. Under Section 7213A, the unauthorized inspection of a return or return information (even merely looking at it without authorization) is a misdemeanor carrying up to one year in prison and a $1,000 fine. Taxpayers whose information is wrongfully disclosed may also pursue civil damages under Section 7431.

This was not a partisan project. As the NYU Tax Law Center has documented, key members of both parties’ tax-writing committees have consistently championed taxpayer privacy. Senate Finance Committee Chairman Mike Crapo (R) has called for action to “prevent any violation of Americans’ privacy from happening again.” House Ways and Means Committee Chairman Jason Smith (R) has described violations of taxpayer privacy laws as “outrageous” and a “betrayal of taxpayer confidentiality,” and championed the Taxpayer Data Protection Act, which passed the House by voice vote with bipartisan support.

The GAO has stated it plainly: “Confidentiality of information reported to IRS is widely held to be a critical element of taxpayers’ willingness to provide information to IRS and comply with the tax laws.” The entire American tax system depends on this trust.

The Breach: What Is Happening Now

IRS Improperly Shares Taxpayer Data with DHS

On February 11, 2026, Accounting Today and the Washington Post reported that the Internal Revenue Service had improperly disclosed confidential taxpayer information on immigrants to the Department of Homeland Security. The IRS provided information on approximately 47,000 taxpayers after DHS requested data on 1.2 million individuals , which was before federal courts blocked the practice. Now, the IRS has reportedly discovered it inadvertently shared even more confidential information than initially disclosed on thousands of additional taxpayers.

This data sharing was facilitated by employees of the Department of Government Efficiency (DOGE), who provided access to confidential taxpayer information despite safeguards under federal law. The resulting controversy contributed to the departure of high-level IRS officials, including acting commissioner Melanie Krause. Multiple federal courts have preliminarily concluded that the IRS and DHS acted unlawfully in sharing taxpayer address information and have enjoined the practice.

Representative Richard Neal (D-MA), the top Democrat on the House Ways and Means Committee, stated: “The Trump Administration just committed a grave crime against taxpayers, clearly showing why data sharing among agencies is not something to be undertaken lightly. Privacy is next to liberty in American values.”

Public Citizen co-president Lisa Gilbert added: “This breach of confidential information was part of the reason we filed our lawsuit in the first place. Sharing this private taxpayer data creates chaos and, as we’ve seen this past year, if federal agents use this private information to track down individuals, it can endanger lives.”

The Whistleblower: Daniel Berulis and the NLRB

The IRS data sharing scandal does not exist in isolation. It is part of a broader pattern of federal data security breaches linked to DOGE’s expansion across federal agencies. One of the most alarming examples was brought to light by Daniel Berulis, a cybersecurity professional at the National Labor Relations Board.

In April 2025, Berulis filed an extensive whistleblower disclosure with the Senate Intelligence Committee and the U.S. Office of Special Counsel, as reported by NPR and Nextgov. His complaint, supported by forensic evidence and internal documentation, alleged that DOGE engineers had accessed and extracted large volumes of confidential data from NLRB systems while simultaneously disabling security monitoring tools designed to detect malicious behavior.

What happened next was chilling. Within minutes of DOGE gaining access, a user with a Russian IP address attempted to log into NLRB systems using a newly created DOGE email account with the correct username and password. The login attempts were blocked, but the fact that an adversary possessed valid credentials (in near-real-time) suggested that sensitive access information may have already been compromised. While it remains unclear whether the user was physically in Russia (hackers routinely mask their locations), security experts told NPR that the techniques employed resembled the playbook of foreign intelligence services, not federal workers.

Berulis alleged that DOGE engineers shut off security tracking tools, deleted evidence of what they accessed, and used software that rendered their activities nearly invisible. A significant spike in data leaving the agency followed, potentially using techniques that disguise exfiltrated data within normal-looking internet traffic. One engineer appeared to be developing a tool designed to extract files from the NLRB’s internal case management system, which is a system containing union organizing activities, employee whistleblower identities, legal strategies, and proprietary business information.

After Berulis raised concerns internally, he received a physical threat taped to his door containing personal information and overhead surveillance photographs of him walking his dog. His attorney, Andrew Bakaj of Whistleblower Aid, stated: “This case has been particularly sensitive as it involves the possibility of sophisticated foreign intelligence gaining access to sensitive government systems, which is why we went to the Senate Intelligence Committee directly.”

Berulis’s disclosures were not isolated. An aide for the Democratic minority on the House Oversight Committee confirmed that the panel was “in possession of multiple verifiable reports showing that DOGE has exfiltrated sensitive government data across agencies” for unknown purposes.

Why This Information is Critical NOW

In a normal news cycle, the unauthorized disclosure of confidential taxpayer data on tens of thousands of Americans, combined with evidence of foreign adversaries attempting to exploit DOGE’s access to federal systems, would dominate every front page, every evening broadcast, and every Congressional hearing room. This would not be a story about left versus right. It would be a story about the government breaking its most fundamental promise to the people it serves.

Consider what is at stake. Every American who files a tax return shares:

•  Full legal names of themselves, their spouses, and their dependents

•  Dates of birth

•  Social Security numbers for every person on the return

•  Wages, salaries, and all sources of income

•  Bank account and routing numbers (for direct deposit refunds)

•  Home addresses

•  Investment portfolios and financial account details

•  Health insurance information and medical expenses

This information represents the keys to a person’s entire identity. In the wrong hands, it enables identity theft, financial fraud, targeted harassment, and, as the NLRB whistleblower case suggests, potentially foreign intelligence exploitation.

This Is a Bipartisan Issue

Taxpayer confidentiality has always been one of the rare issues that unites both parties. The 1976 reforms were passed with overwhelming bipartisan majorities specifically to prevent executive abuse of tax data. In recent years, when IRS contractor Charles Littlejohn leaked President Trump’s tax returns to the New York Times and was subsequently sentenced to five years in federal prison. President Trump himself has now sued the IRS and Treasury for $10 billion over that leak.

Representative Neal made the connection explicit: “If the president can sue the IRS for $10 billion over the disclosure of his information, these victims should too. I would expect to see my Republican counterparts approach the wrongdoing of those at the IRS or DHS who were involved in these illegal disclosures with the same vigor that they applied to those responsible for the illegal disclosure of President Trump’s tax returns.”

He is right. The principle is the same whether the victim is the President of the United States or a taxpayer who filed using an Individual Taxpayer Identification Number. Section 6103 does not protect some Americans and not others. It protects everyone. And if we allow that protection to be breached for any population, regardless of who they are, we have undermined it for all of us.

The Deeper Threat: Voluntary Compliance at Risk

The American tax system is unique among developed nations in its reliance on voluntary compliance. The IRS does not have the resources to audit every return or independently verify every line of every form. The system works because the overwhelming majority of taxpayers file honestly, report their income accurately, and pay what they owe—in large part because they trust that the information they provide will be used solely for tax administration.

When that trust is broken, in this case when taxpayers learn that their confidential data may be shared with immigration enforcement, accessed by political operatives, or potentially exposed to foreign adversaries, the rational response is to provide less information, not more. Taxpayers may become reluctant to file electronically. They may hesitate to provide bank account information for direct deposit. They may structure their affairs to minimize the data they share with the government. And some may stop filing altogether.

This is not theoretical. The GAO has specifically warned that expanding exceptions to Section 6103 confidentiality could “significantly erode privacy and could compromise taxpayer compliance.” The cost of a compliance decline is staggering. The IRS currently collects approximately $4.7 trillion in revenue annually. Even a small percentage decline in voluntary compliance would translate to hundreds of billions in lost revenue, which would dwarf any savings achieved by the programs that precipitated the breach.

What Must Happen Now

The path forward requires immediate, bipartisan action on several fronts.

First, accountability. The Treasury Inspector General for Tax Administration must conduct a thorough investigation of the improper disclosures. Any individuals who authorized, facilitated, or failed to prevent the unauthorized sharing of taxpayer data must face the consequences prescribed by law, regardless of their position or political affiliation.

Second, transparency. Congress must demand full accounting of exactly what data was shared, how it was used, who had access to it, and whether any of it was further disclosed to unauthorized parties or compromised by foreign actors. The affected taxpayers must be notified.

Third, protection. Congress should pass the Taxpayer Data Protection Act with enhanced penalties for unauthorized disclosure. DOGE’s access to sensitive federal data systems must be immediately reviewed and, where appropriate, revoked. No entity, whether government or quasi-governmental, should have unfettered access to taxpayer data without the legal authority, security clearances, background checks, and information security training required by law.

Fourth, cybersecurity. The Berulis whistleblower disclosures raise the alarming possibility that DOGE’s activities across federal agencies have created new attack vectors for foreign intelligence services. A comprehensive cybersecurity audit of every federal system accessed by DOGE personnel must be conducted immediately, with results reported to the Intelligence Committees of both chambers.

Conclusion: The Compact Must Hold

In 1913, when the federal income tax was born, less than one percent of the American population was subject to it. Today, more than 150 million individual returns are filed each year. The system that collects trillions in revenue to fund the operations of the federal government rests on a single, fragile foundation: trust.

In 1976, in the wake of Watergate, a bipartisan Congress looked at the abuse of taxpayer data by the executive branch and said: Never again. They codified the promise that taxpayer data would remain confidential. They imposed criminal penalties for violations. They built guardrails specifically designed to prevent a president from using the tax system as a weapon.

Those guardrails are being dismantled. The data of tens of thousands of Americans has been improperly shared. A whistleblower who raised the alarm about foreign access to compromised federal systems was physically threatened. And the story is being lost in the noise of our fractured media landscape.

As a CPA who has served taxpayers for over two decades, I can tell you this: my clients trust that when they hand me their Social Security numbers, their children’s information, their bank accounts, and their financial lives, that data will be protected. That trust extends from me to the IRS, and from the IRS to the federal government. If that chain of trust is broken at any link, the entire system is in jeopardy.

This is not about politics. This is about whether the United States government will honor the promise it made to every American who has ever filed a tax return. The compact must hold…or we all pay the price.

Sources

Cohn, Michael. “IRS improperly shared taxpayer data with DHS.” Accounting Today, February 11, 2026.

DiMolfetta, David. “User with Russian IP address tried to log into NLRB systems following DOGE access, whistleblower says.” Nextgov/FCW, April 15, 2025.

NPR. “DOGE, NLRB, Elon Musk, SpaceX Security.” April 15, 2025.

Economic Times. “DOGE breach sparks cybersecurity crisis as Russian IP tries to access federal labor systems.” 2025.

Internal Revenue Code, Section 6103: Confidentiality and Disclosure of Returns and Return Information.

NYU Tax Law Center. “Understanding Taxpayer Privacy Protections Under Section 6103 and Related Statutes.” February 10, 2025.

U.S. Government Accountability Office. “Taxpayer Privacy: A Guide for Screening and Assessing Proposals.” GAO-12-231SP.

IRS. “Historical Highlights of the IRS.” IRS.gov.

Congressional Research Service. “Disclosure of Federal Tax Return Information to Congressional Committees.” R48323.

National Archives. “16th Amendment to the U.S. Constitution: Federal Income Tax (1913).”

About the Author

Jessica I. Marschall, CPA, ISA AM, is President & CEO of MAS LLC, The Green Mission Inc., Probity Appraisal Group, and GM-ESG. With 26 years of experience, she serves over 400 clients annually and has authored more than 150 articles on tax, valuation, and charitable contribution topics. She presents at conferences nationwide on advanced tax and appraisal subjects.