IRS broke the law ‘approximately 42,695’ times after sharing confidential data with ICE, judge says

The ruling follows a declaration from a top IRS official who admitted in court filings that the IRS gave Homeland Security information on more than 47,000 of the 1.28 million people requested by Immigration and Customs Enforcement.

And in the vast majority of those cases, the IRS shared additional information in violation of federal rules designed to protect taxpayer data. Federal law requires agencies to provide the IRS with the name and address of a person they are looking for to ensure the government isn’t broadly exposing information beyond the specific individual in the request.

That didn’t happen in this case, according to the judge.

The IRS violated those rules "approximately 42,695 times” by disclosing last-known taxpayer addresses to ICE without confirming that ICE gave the agency valid addresses for the people it was seeking.

The IRS “not only failed to ensure that ICE’s request for confidential taxpayer address information met the statutory requirements, but this failure led the IRS to disclose confidential taxpayer addresses to ICE in situations where ICE’s request for that information was patently deficient,” according to the judge.

The data-sharing agreement joins the Trump administration’s government-wide effort to find, arrest, detain and deport tens of thousands of people from the country.

But in her declaration earlier this month, Dottie Romo, the tax agency’s chief risk and control officer, revealed that ICE’s requests didn’t even include addresses in many cases — including entries that said “Failed to Provide,” “Unknown Address,” and “NA NA.”

In other cases, addresses were incomplete or incorrect or listed detention centers and prisons as a taxpayer’s address.

“This confirms what we’ve been saying all along: that the IRS has an unlawful policy that violates the Internal Revenue Code’s protections by releasing these addresses in a way that violates the law’s requirement,” according to a statement from Center for Taxpayer Rights founder Nina Olson, whose organization sued the IRS.

Tom Bowman, policy counsel with the Center for Democracy and Technology, said the privacy breach “is a stark reminder of why safeguards for sensitive data are so critical.”

“The improper sharing of taxpayer data is unsafe, unlawful, and subject to serious criminal penalties,” he said in a statement following the revelation of those IRS disclosures.

“Once taxpayer data is opened to immigration enforcement, mistakes are inevitable and the consequences fall on innocent people,” he added. “The disclosure of thousands of confidential records unfortunately shows precisely why strict legal firewalls exist and have — until now — been treated as an important guardrail.”

The ruling is the latest legal blow in a months-long legal battle over the IRS and ICE data-sharing agreement.

Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem allowed ICE to seek information from the IRS, which led to the acting commissioner of the IRS to resign.

Earlier this month, a judge overseeing a separate case against the data-sharing agreement blocked ICE from using that data altogether.

This week, a federal appeals court declined to rule in favor of another immigrants’ rights group suing to block the agreement, with the judges agreeing that the information isn’t covered by the IRS privacy statute.

Attorney General Pam Bondi called the appeals court decision a “crucial victory” for the administration.

“Deporting illegal aliens makes the American people safer,” she said in a statement this week.