A federal judge on Thursday said the IRS broke the law by violating the Internal Revenue Code approximately 42,695 times when it shared confidential taxpayer addresses with Immigration and Customs Enforcement.
In a ruling issued on Feb. 26, U.S. District Judge Colleen Kollar-Kotelly wrote that the majority of the nearly 47,300 taxpayer addresses the IRS shared with ICE last August were disclosed without the tax agency confirming that ICE provided a valid address for the person whose records it was seeking.
Kollar-Kotelly issued the ruling as part of ongoing litigation over a data-sharing arrangement between the IRS and the Department of Homeland Security, the Washington Post reported.
Federal law requires that before the IRS hands over a taxpayer’s address, a requesting agency must first provide the IRS with the name and address of the person it’s looking for, the Post noted. The requirement exists to ensure that the government can access confidential tax records only for individuals it has already specifically identified.
The ruling finds that DHS didn’t follow this law.
“[I]n many cases, the IRS disclosed taxpayer addresses to ICE without first confirming that ICE’s request for that taxpayer included the ‘address of the taxpayer.’ The Court reached this conclusion because, according to counsel for Defendants, if ICE’s request to the IRS ‘provided a name and taxpayer identification number for an individual that matched up with the name and taxpayer identification number that the IRS had in its system, then the IRS disclosed the last known address for that individual without confirming whether the address ICE provided for that individual matched an address the IRS had in its system.’” the judge wrote.
“[T]he IRS ran one of two ‘mutually exclusive’ computerized processes to determine whether the ICE-supplied information ‘matched’ the IRS’s records and thus, it appears, warranted making disclosure,” she continued. “If ICE’s request included a social security number for the relevant taxpayer, then the IRS disclosed the taxpayer’s last known address to ICE ‘when the ICE-supplied first name, last name, and SSN fields matched with a name and associated TIN in IRS’s records.’ Under this process—referred to as ‘TIN Matching’—the IRS did not make any inquiry into the ICE-supplied ‘address of the taxpayer’ beyond its initial automated check for a zip code proxy. If ICE’s request did not include a taxpayer’s SSN, then, and only then, did the IRS confirm that ‘the ICE-supplied first name, last name, and address fields matched with a name and associated address in IRS’s records.’
“Of the 47,289 taxpayer addresses that the IRS disclosed to ICE through these two mutually exclusive matching processes, 90.3% (i.e., 42,695 addresses) were matched by TIN Matching, while the other 9.7% (i.e., 4,594 addresses) were matched by Address Matching,” she added. “Accordingly, the IRS violated [Section 6103(i)(2) of] the IRC approximately 42,695 times by disclosing last known taxpayer addresses to ICE through TIN Matching without confirming that ICE’s request set forth the ‘address of the taxpayer with respect to whom the requested return information relate[d].’”
The Center for Taxpayer Rights sued the IRS last year, following a data-sharing agreement signed in April 2025 by Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem that allows ICE to submit names and addresses of immigrants inside the U.S. illegally to the IRS for cross-verification against tax records.
The Treasury Department said at the time that the agreement will help carry out President Donald Trump’s agenda to secure U.S. borders and is part of his larger nationwide immigration crackdown, which has resulted in deportations and workplace raids.
Immigrant advocates said the IRS-DHS information-sharing agreement violates privacy laws and diminishes the privacy of all Americans.
Melanie Krause, the acting IRS commissioner when the agreement was signed, resigned in protest.
Recommended Articles
The Washington Post first reported the data disclosure at the center of this case, citing three people familiar with the matter who said it appeared to breach legal safeguards protecting taxpayer data and was only recently discovered.
The IRS later confirmed the Post’s reporting in a court filing earlier in February, when agency chief risk and control officer Dottie Romo stated in a sworn declaration that the IRS shared confidential taxpayer information even when the DHS lacked sufficient data to identify specific people positively.
“The Romo Declaration is a significant development in this case,” Kollar-Kotelly wrote in Thursday’s ruling. “Not only does it confirm the Court’s finding that the IRS violated IRC Section 6103(i)(2) by disclosing thousands of confidential taxpayer addresses to ICE without first determining that ICE’s request included the ‘address of the taxpayer,’ but it reveals that the IRS provided confidential taxpayer addresses to ICE in response to requests from ICE that the IRS now admits were legally deficient.”
Photo credit: marcnorman/iStock
Thanks for reading CPA Practice Advisor!
Subscribe Already registered? Log In
Need more information? Read the FAQs
