Charles Littlejohn, the former IRS contractor who leaked the confidential tax data of thousands of wealthy individuals and major corporations, is asking the D.C. Circuit Court of Appeals to cut his five-year prison sentence.

The appeal, set for oral argument Tuesday, will test whether the district court erred in imposing the statutory maximum despite Littlejohn’s lack of prior offenses. The court’s panel—Judges Neomi Rao, Justin Walker, and Judith Rogers—will weigh how far sentencing discretion can stretch in a case that shook public trust in taxpayer confidentiality.

The Law in Play

At issue is IRC §6103, which bars unauthorized disclosure of tax return information. Littlejohn pled guilty to one count under that statute after admitting he leaked data to The New York Times and ProPublica between 2018 and 2021.

He argues the trial judge overreached by ignoring federal sentencing norms for first-time offenders, where similar cases often yield terms near 18 months.

The Justice Department counters that the unprecedented scale—records tied to roughly 7,600 individuals and 600 entities, possibly many more—justified the full five-year term as a deterrent and to preserve taxpayer confidence in the IRS’s data safeguards.

Timeline

• 2018–2021: While working for Booz Allen Hamilton, Littlejohn repeatedly accessed and leaked confidential IRS files to journalists.

• 2023: Federal prosecutors charged him with one count of unauthorized disclosure under §6103.

• January 2024: Littlejohn pleaded guilty in the U.S. District Court for the District of Columbia.

• January 2025: The court imposed the statutory maximum five-year sentence, citing the scope and impact of the leaks.

• November 2025: Oral argument before the D.C. Circuit focuses on whether the lower court followed proper sentencing procedures.

The Larger Story

Littlejohn’s actions prompted a storm of scrutiny over IRS data security. Multiple lawsuits by high-profile taxpayers, including Kenneth Griffin and Kelcy Warren, target the IRS and Booz Allen for failing to prevent the breach.

The Treasury Inspector General for Tax Administration (TIGTA) and the GAO each faulted the agency’s contractor oversight, finding “too many back doors” that allowed data extraction without alerts. GAO issued 77 security recommendations, all of which the IRS says it has now implemented.

Former Commissioner Danny Werfel defended the reforms but warned that rapid modernization risks new vulnerabilities, especially as agencies like the Department of Government Efficiency (DOGE) seek bulk access to taxpayer data under §6103 exceptions.

What It Means in Practice

For practitioners, the case underscores the expanding liability landscape around taxpayer confidentiality and data handling.

• Contractors and vendors with IRS or state-tax data access face heightened scrutiny and potential vicarious liability.

• Agency clients should confirm that access audits, multi-factor authentication, and real-time monitoring comply with GAO’s recommendations.

• Tax professionals advising clients in data breach cases should expect more aggressive DOJ prosecution strategies emphasizing deterrence under §6103.

• Compliance teams should review data-sharing policies tied to interagency requests, particularly those invoking criminal-investigation carveouts.

Next Steps

The D.C. Circuit’s decision will likely set the sentencing benchmark for future unauthorized-disclosure prosecutions. Briefing is complete; oral argument is scheduled for November 4, 2025, with a decision expected in early 2026.