The Treasury Department has announced the cancellation of all contracts with Booz Allen Hamilton following the massive IRS data breach involving former employee Charles Edward Littlejohn. The decision terminates 31 contracts with the government consulting firm, representing approximately $4.8 million in annual spending and roughly $21 million in total obligations. Treasury officials cited the company’s failure to adequately protect sensitive taxpayer information as the primary reason for severing ties.
Treasury Secretary Scott Bessent framed the move as part of efforts to eliminate waste, fraud, and abuse while restoring public trust in government institutions. According to a Treasury press release, Booz Allen failed to implement adequate safeguards for confidential taxpayer data accessed through IRS work. The announcement comes on the opening day of the 2026 tax filing season.
The Charles Littlejohn IRS Data Breach
The breach referenced by Treasury is considered among the most serious in U.S. history. Between 2018 and 2020, Littlejohn, a former IRS contractor employed by Booz Allen, stole and disclosed tax returns and return information belonging to high-profile individuals including Donald Trump. Prosecutors indicated that Littlejohn viewed Trump as dangerous and intended to release private tax information to the public.
Littlejohn initially disclosed Trump’s tax information to the New York Times. According to court records, he also turned over returns and return information dating back more than 15 years for billionaires Elon Musk, Jeff Bezos, Warren Buffett, and Michael Bloomberg to ProPublica. The leaked material included not only tax returns but also investment details, stock trades, gambling winnings, and audit determinations.
Additionally, the IRS data breach affected taxpayers beyond those whose names appeared publicly. Some taxpayers who were shareholders in passthrough entities found their information compromised when Forms K-1 from those entities were leaked. Littlejohn accessed the returns using broad search parameters designed to conceal his true purpose and evaded IRS detection systems by saving data to multiple personal storage devices, including an iPod.
In October 2023, Littlejohn pleaded guilty to unauthorized disclosure of tax returns and return information, a violation of section 7213(a)(1) of the tax code. He was sentenced to the maximum penalty of five years and is currently serving his sentence in a Florida prison.
Widespread Impact and Government Response
The scope of the IRS data breach proved far larger than initially understood. According to IRS disclosures, approximately 405,000 to 406,000 taxpayers were affected, with the vast majority being business entities. The leaked material included highly sensitive financial details that extended well beyond what was publicly reported.
Beginning in late 2023 and continuing into 2024, the IRS mailed legally required notification letters to affected taxpayers. The agency later issued a rare public apology to victims, including wealthy individuals whose confidential information was disclosed to journalists. The IRS conceded that the data breach violated strict federal laws governing tax return confidentiality.
However, some victims faced limitations when filing claims against the IRS because Littlejohn was a contractor rather than a government employee. Other lawsuits instead targeted Booz Allen, alleging the firm failed to properly monitor employee access to IRS systems and protect taxpayer data. Booz Allen has consistently characterized Littlejohn’s conduct as that of a rogue actor who concealed misconduct within government systems.
Meanwhile, the timing of Treasury’s announcement appears deliberate. Taxpayer privacy concerns have intensified since the breach, particularly regarding Elon Musk’s Department of Government Efficiency requests to access sensitive taxpayer data and the IRS’s agreement to share immigrant tax data with Immigration and Customs Enforcement.
Booz Allen Hamilton Defends Its Record
Booz Allen, a management and technology consulting firm headquartered in McLean, Virginia, has a long history of working with U.S. civilian and defense agencies. The company employs approximately 36,000 people and has secured billions of dollars in government-funded contracts over the years.
In a statement to Forbes, Booz Allen condemned Littlejohn’s actions in the strongest terms. The company emphasized that it operates under the highest ethical and professional guidelines and maintains zero tolerance for legal violations. Booz Allen noted that Littlejohn’s criminal conduct occurred on government systems, not company systems, and that the firm stores no taxpayer data on its own networks.
The company also stated it fully supported the government investigation that led to Littlejohn’s prosecution. Booz Allen expressed surprise at Treasury’s announcement and indicated it looks forward to discussing the matter with the department.
It remains unclear whether Treasury will consider alternative arrangements with Booz Allen or whether other federal agencies will follow suit in reviewing their contracts with the firm. The decision sets a precedent for how the government addresses contractor failures related to data security breaches, though the full implications for both Booz Allen and government contracting practices have yet to unfold.
