The pitch was precise. The paperwork now says the government got messier, faster, and with the wrong people in the crosshairs.
What You Should Know
A court filing says the IRS erroneously shared taxpayer information with the Department of Homeland Security after ICE submitted 1.28 million names for address verification. Treasury told DHS to remediate and dispose of improperly shared data.
The disclosure sits inside a broader, hard-edged push to use tax records to locate immigrants in the U.S. illegally. It also lands in the middle of a legal fight led by Public Citizen and other immigrant rights groups that has already produced court orders narrowing what the IRS can hand over.
The Deal Was Sold as Verification, Not a Data Spill
According to an Associated Press report published by PBS NewsHour on February 12th, 2026, the IRS and DHS entered a data-sharing agreement signed in April 2025 by Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem. The idea: ICE could send names and addresses to the IRS for cross-checking against tax records.
That arrangement has been controversial from the start because the IRS is built around compliance and confidentiality, while ICE is built around enforcement. Putting the two in the same pipeline raises a simple question that courts have been forced to answer: what, exactly, is allowed to move through that pipe?
The new wrinkle is not just that information moved. It is the information moved incorrectly.
1.28 Million Names in, 47,000 Verified, Then Thousands Shared Wrongly
A declaration described in the court filing, submitted February 11th, 2026, by IRS Chief Risk and Control Officer Dottie Romo says the IRS was only able to verify roughly 47,000 of the 1.28 million names ICE requested.
Then comes the part that turns a policy fight into a cleanup operation. For less than 5% of those verified individuals, the filing says the IRS provided ICE with additional address information, and the agency later determined that thousands of those disclosures were erroneous.
In other words, ICE asked for a massive list, the IRS confirmed a relatively small slice, and within that slice, the IRS says it still sent out address data that it should not have sent.
Treasury Told DHS to Remediate and Dispose of the Data
Romo said Treasury notified DHS in January 2026 and asked for help fixing the problem, including the disposal of any data that should not have been provided based on incomplete or insufficient address information. The language matters because it frames the response as more than a clerical correction. It treats the data as something that has to be contained, tracked, and destroyed.
That is where the power dynamic snaps into focus. The IRS can request disposal. DHS and ICE control what happens operationally once information has been received. If the government is going to claim the error is remediable, the remediation has to happen inside an enforcement apparatus that is not designed to forget.
The Courts Have Already Been Warning About This
The IRS-DHS agreement has been under legal attack. Public Citizen sued shortly after the agreement was signed, according to the AP account, arguing the arrangement threatened long-standing taxpayer privacy protections.
Courts have also moved to limit the flow. The AP report says a Massachusetts federal court ordered the IRS to stop sharing residential addresses with ICE. It also notes that a federal court blocked the IRS from sharing information with DHS in November 2025, finding the IRS had illegally disseminated some migrants’ tax data during the prior summer.
Those rulings matter now because they make the government own two competing realities at once: officials said the data-sharing plan had guardrails, and judges have repeatedly found the guardrails were not being honored.
Advocates Say the Risk Is Not Abstract
The story was initially reported by The Washington Post, according to the AP. The IRS did not respond to an AP request for comment, the report says, leaving the filing to do the talking.
Advocacy groups are not just arguing the law. They are arguing consequence. Public Citizen’s Lisa Gilbert tied the erroneous disclosure directly to the reason the lawsuit exists in the first place.
“This breach of confidential information was part of the reason we filed our lawsuit in the first place. Sharing this private taxpayer data creates chaos and, as we’ve seen this past year, if federal agents use this private information to track down individuals, it can endanger lives.”
Another warning came from the Center for Democracy & Technology. Policy counsel Tom Bowman argued the legal exposure is not a slap-on-the-wrist situation, saying the conduct can carry criminal penalties.
“Once taxpayer data is opened to immigration enforcement, mistakes are inevitable and the consequences fall on innocent people. The disclosure of thousands of confidential records unfortunately shows precisely why strict legal firewalls exist and have until now been treated as an important guardrail.”
Why This Is Bigger Than One Filing
Even in the government’s own telling, the numbers raise uncomfortable questions. ICE sent 1.28 million names. The IRS could verify about 47,000. That is not a minor mismatch. It suggests either the request list was broad by design, the matching process is limited by the data the government already has, or both.
Then there is the “less than 5%” detail. A small fraction of 47,000 is still enough to produce thousands of erroneous disclosures, the filing says. That is the nightmare scenario critics warned about, translated into a concrete operational failure: once you build a channel for sensitive information to move, the channel will move sensitive information, including the wrong information.
The reputational stakes are not limited to DHS. The IRS is one of the federal government’s most compliance-dependent agencies. Its entire system relies on taxpayers believing their data is protected, even when they are the subject of other government scrutiny. If the IRS becomes a back door to enforcement, the agency risks undermining voluntary compliance and deterring people from filing accurately, which is the opposite of what it exists to enforce.
What Happens Next, and What to Watch
The immediate question is remediation. Did DHS actually dispose of the improperly shared data, and how will that be documented? A request to dispose is not the same as a verified disposal process, and the filing’s own phrasing suggests Treasury understands the legal sensitivity of that distinction.
The second question is the fate of the April 2025 agreement itself. Court orders have already narrowed what the IRS can share, and this mistaken disclosure injects a new argument for critics: it is not just that the policy may be unlawful. It is that the system cannot reliably execute the policy without breaking the privacy rules it claims to respect.
Finally, there is the political and operational incentive problem. DHS is under pressure to produce deportation results. The IRS is under pressure to protect confidentiality while cooperating with other agencies. Those pressures collide in exactly the place this filing describes: a high-volume request, imperfect matching, and an error that is hard to un-ring.
If the government wants the public to believe this was a contained mistake, the next round of filings and court orders will have to show containment with receipts, not reassurances.
