IRS employee not guilty of inadvertent disclosures

The IRS employee who mistakenly disclosed personal information on more than 20,000 employees and contractors was found not guilty of criminal charges last week in a case that showed how easily confidential government information can turn up on the Internet.

A federal jury in Maryland found Carl Sheerer not guilty of misdemeanor charges, rejecting prosecutors’ effort to punish someone for a breach discovered by a private security firm last year.

Mr. Sheerer, an IT employee who handled identification badge computer systems in three states, stored backed-up IRS data on a thumb drive, then placed it on a file transfer protocol server at his house in Maryland, according to the evidence.

From there, the information was indexed by Google and made public, though there’s no evidence anyone other than a security firm researcher stumbled across the data.

Mr. Sheerer’s attorney, Daniel Wright, said in an interview after the trial last week that prosecutors couldn’t produce any evidence that the data breach was intentional.

“Prosecutors also did not produce evidence that anyone’s identity was stolen or that anyone other than the New York employee had ever accessed the data,” he said.

The Washington Times first disclosed the criminal charges against Mr. Sheerer in August. The charges came months after IRS Commissioner John Koskinen issued a memo to agency employees describing the breach.

While Mr. Koskinen’s memo did not mention Mr. Sheerer by name, it stated than an IRS employee had placed data on a computer thumb drive, then placed the data on his personal network at home.

Internet security firm Identity Finder tipped off the IRS about the breach, according to an affidavit filed in federal court in Greenbelt.

Mr. Wright said his client never sought to profit from the data breach and wasn’t even aware that it had happened.

The lawyer said the agency’s woes, including reports of lost laptops, the earlier breach and the IRS targeting scandal against conservative groups, may have played a role in the decision to try to make a “scapegoat” out of Mr. Sheerer. The U.S. attorney’s office in Maryland was not immediately available for comment.

Earlier this year, the same security firm that found the information on Mr. Sheerer’s network also discovered more than 630,000 Social Security numbers in a review of millions of IRS filings by nonprofit organizations, which are publicly disclosed.