Up to 20,000 current and former employees with the US Internal Revenue Service (IRS) are at risk due to a reckless employee that took an unencrypted flash drive home and accessed it on an unsecure network.
Employee names, addresses and Social Security numbers were exposed, with all potentially affected employees notified by IRS officials.
"This incident is a powerful reminder to all of us that we must do everything we can to protect sensitive data - whether it involves our fellow employees or tax payers," said John Koskinen, in a memo sent to employees. "This was not a problem with our network or systems, but rather an isolated incident."
The biggest threat is to employees in Delaware, New Jersey and Pennsylvania, with the information dating back to 2007, which is when the IRS began mandatory encryption for sensitive data.