Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Feb 12, 2026 · 5 min read

The IRS Gave ICE Confidential Tax Data on Thousands of Immigrants

A federal privacy firewall meant to protect taxpayer data was breached when the IRS shared confidential records with immigration enforcement, and two courts have ruled it was illegal.

Official government tax documents and manila folders on a desk with a government building visible through a window

What Happened

The Internal Revenue Service improperly shared confidential tax information on thousands of individuals with U.S. Immigration and Customs Enforcement, violating a legal firewall that has protected taxpayer data for decades. The disclosure came to light through a court filing on February 11, 2026, by IRS Chief Risk and Control Officer Dottie Romo.

The breach stems from a data sharing agreement signed in April 2025 by Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem. Under the agreement, ICE could submit names and addresses of people believed to be in the U.S. illegally for the IRS to cross reference against tax records.

The Scale of the Disclosure

ICE submitted 1.28 million names to the IRS for verification. The IRS was able to verify roughly 47,000 of them. But Romo's sworn declaration revealed that for a subset of those individuals, the IRS provided additional confidential information, including residential addresses, even when DHS could not supply enough data to positively identify the person.

In other words, the IRS disclosed private tax data about people whose identities hadn't even been confirmed. The agency later discovered it had "inadvertently shared more confidential information than that on thousands of taxpayers with DHS," though the full scope of the additional disclosure remains unclear.

Why This Matters

Federal tax secrecy law, codified in IRC Section 6103, exists for a specific reason: if people fear their tax filings could be used against them, they stop filing. This protection has been treated as near sacrosanct since the Watergate era, when President Nixon's attempts to weaponize the IRS against political opponents led to reforms that built a strict firewall around taxpayer information.

The implications extend beyond immigration enforcement. If the IRS can share tax data with one agency based on an executive agreement, the precedent opens the door for other agencies to request similar access. As Democratic Representative Richard Neal put it: "Privacy is next to liberty in American values."

Courts Have Repeatedly Blocked the Sharing

Two federal courts have already concluded that the IRS and DHS acted unlawfully. A Massachusetts federal court ordered the IRS to stop sharing residential addresses with ICE. Last November, another federal court blocked the IRS from sharing information with DHS entirely, ruling that the agency illegally disseminated taxpayer data.

A separate lawsuit filed by the Public Citizen Litigation Group challenges the legality of the data sharing agreement itself and is currently pending in the D.C. Circuit Court of Appeals. Despite these rulings, Treasury notified DHS of the most recent error only in January 2026 and requested "appropriate disposal" of the improperly shared data.

The Fallout

The controversy has already claimed casualties within the IRS. Acting Commissioner Melanie Krause departed following the initial disclosures about the data sharing arrangement. Reports indicate that employees affiliated with the Department of Government Efficiency provided access to confidential taxpayer information despite federal safeguards.

Whether DHS has actually disposed of the improperly obtained data remains an open question. Once information leaves a secure system, there is no reliable way to confirm it has been fully deleted from every location where it may have been stored, copied, or forwarded.

A Warning About Government Data Sharing

The IRS taxpayer data breach illustrates a broader pattern in government data privacy: protections that took decades to build can be dismantled quickly through executive agreements, and legal challenges take years to resolve. In the meantime, the data has already been shared.

For anyone concerned about how their personal data moves between government agencies, this case is a reminder that legal protections are only as strong as the institutions that enforce them. When those institutions fail, the courts become the last line of defense, and by the time they act, the damage may already be done.