A $10 million contract reviewed by 404 Media shows Immigration and Customs Enforcement purchasing records tied to immigrants’ tax identifiers from a private data broker. The deal, signed June 5 with Thundercat Technology LLC, covers “ITIN data subscription and analytics” for fraud investigations. ITINs are the numbers the IRS issues to people who cannot get a Social Security number, including millions of undocumented immigrants who use them to pay taxes.
What makes this contract notable is the timing. Courts have already blocked the IRS from handing this same information to the Department of Homeland Security. One judge called the arrangement unlawful. Another warned it raised the risk of misidentifying taxpayers. Unable to get the data through a government agreement, ICE appears to have simply bought it on the open market instead.
This is the data broker loophole in plain view. When an agency cannot obtain information through a warrant, a subpoena, or a lawful interagency agreement, it turns to a private vendor and pays for it. The legal protections that are supposed to govern sensitive personal data fall away the moment that data is for sale.
A national privacy standard would close this gap. If sensitive records like tax identifiers required affirmative consent before they could be processed or sold, and if data brokers had to register with the FTC and account for how they source their information, agencies could not route around the courts by writing a check. The CFPB was close to closing this loophole before the rule was killed. The Thundercat contract shows why the next effort cannot wait.
;
