Friday, 17 July 2026 · World
USD/EUR 0.8735 USD/GBP 0.7415 USD/JPY 162.3 USD/CNY 6.78 All rates →
RSS
EUROS The World Financial Report
Nº 6 Friday, 17 July 2026 · World Edition
LATEST
Companies

Treasury Cancels Booz Allen IRS Contracts as Watchdog Flags Security Gaps

EUROS Newsroom · 47m ago · 2 min read
Treasury Cancels Booz Allen IRS Contracts as Watchdog Flags Security Gaps

The Treasury Department canceled $21 million in IRS contracts with Booz Allen Hamilton as a federal watchdog uncovered severe physical and digital security failures at other tax-agency contractors.

The Treasury Department canceled 31 contracts with Booz Allen Hamilton worth a combined $21 million, citing the consulting firm's failure to prevent a massive taxpayer data breach by one of its employees. The move eliminates $4.8 million in annual spending.

The January 26 termination directly references the conduct of Charles Edward Littlejohn. While employed as an IRS contractor by Booz Allen between 2018 and 2020, Littlejohn downloaded and disclosed tax returns for Donald Trump, thousands of wealthy individuals, and hundreds of thousands of business entities. The breach ultimately affected approximately 406,000 taxpayers. Booz Allen disputed the government's framing, emphasizing that Littlejohn's misconduct occurred entirely on IRS systems and that the firm does not store taxpayer data on its own networks.

Systemic risks in federal outsourcing

The cancellation landed alongside a memo from the Treasury Inspector General for Tax Administration detailing ongoing, fundamental security failures at other IRS contractors. The audit of the IRS Zero Paper Initiative found that physical and digital safeguards remain deeply flawed years after the Littlejohn leaks.

At two facilities digitizing tax records, 14 contractor employees entered restricted areas 1,375 times without IRS authorization. At one site, an unguarded loading dock providing direct access to stored taxpayer documents was left open during the day. TIGTA noted the contract did not explicitly mandate interior guards, but held the contractor responsible for the lapse.

Digital vulnerabilities present an even starker risk. Inspectors found 269 security weaknesses in systems processing taxpayer information at one site. Of those, 128 were unresolved past IRS deadlines, including 20 critical flaws that went unpatched for an average of 223 days despite a 30-day remediation requirement. One critical vulnerability involved unsupported software that no longer receives vendor security updates.

Compliance costs to rise

For companies bidding on federal IT and processing contracts, the TIGTA findings signal a regulatory environment about to demand significantly stricter compliance. The IRS acknowledged its current cybersecurity assessments failed to catch these overdue vulnerabilities. In response, the agency is mandating monthly reviews of physical-access logs and establishing new processes to track aged digital vulnerabilities.

The immediate financial damage to Booz Allen from the canceled contracts is modest, but the policy shift has broader market implications. IT service providers will likely face higher compliance costs to meet tightened IRS security protocols, while the government's willingness to publicly terminate agreements over past security incidents introduces new reputational and revenue risks for incumbent contractors.