Democrat senators call's handling of user data 'careless, irresponsible, and improper' after Insider report

Democrat senators call's handling of user data 'careless, irresponsible, and improper' after Insider report
From left to right: Senator Ron Wyden, D-Ore., Senator Ed Markey, D-Mass., and Senator Chris Murphy, D-Conn., during a news conference in 2017.Tom Williams/CQ Roll Call
  • Identity startup has won dozens of contracts to provide verification for government agencies.
  • As it grew rapidly, it left some user data exposed on internal chat rooms and dashboards, an Insider investigation found.

Three Democratic senators this week criticized identity verification contractor's privacy and security standards after an Insider investigation found user data was left unsecure on internal dashboards. The senators, Robert Menendez of New Jersey, Ron Wyden of Oregon, and Ed Markey of Massachusetts, called the company's handling of personal information "reckless" and "irresponsible" in statements to Insider.

Data for any user, which included veterans and people seeking unemployment benefits, was easily accessible with a company laptop for most customer service workers, sometimes before background checks were complete, Insider previously reported. Some customer service workers were instructed to screenshot and upload users' personal documents (including passports, driver's licenses, and Social Security cards) to an internal Slack channel if they needed help verifying whether they were fake or real. has won contracts with the Internal Revenue Service, Social Security Administration, Department of Veterans Affairs, and dozens of state unemployment agencies for its identity verification product. Most of those deals were closed in the last two years, during which time the company grew rapidly, hiring nearly 1,500 people and setting up new offices in Tampa, Florida, Insider previously reported.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Menendez, who was the lead signatory on a February letter to the IRS commissioner expressing concerns about, said he was troubled by the information Insider found.

"I have repeatedly expressed concerns about the amount of data and information that is collected and retained by companies like," Menendez said in an email to Insider, which he then posted on Twitter. "This report reveals that my concerns were justified--given the careless, irresponsible, and improper manner in which taxpayer information was handled by's employees."


Wyden criticized for handling "Americans' Social Security cards, drivers licenses and other sensitive documents with reckless disregard for basic security measures."

"Putting a private company between Americans and essential government services is risky in the best circumstances," Wyden said. He added that federal agencies should "speed up adoption of," a publicly-funded login tool. Unlike, doesn't use facial recognition.

In February, Wyden also urged the IRS commissioner to stop using for accounts after Bloomberg reported that people were being locked out from accessing tax documents. The agency then said it would "transition away" from using

Insider's investigation noted that many customer service workers could view a tab within's internal interface, showing all of the possible facial recognition matches to the selfies that people submit while making an account. The matches sometimes exposed duplicate accounts, but often, workers said, selfies were matched to faces of obviously different people.

Markey, who also co-signed one of the February letters to the IRS, noted that the privacy violations described in Insider's report highlighted the need for Congress to pass legislation regulating the use of facial recognition by federal government and law enforcement.


"Consumers and members of the public shouldn't have to have to accept lax privacy and security standards as an inevitability in our increasingly digital society," he said in an email. "The stakes are particularly high when sensitive information, like biometric data, is involved." expanded quickly in response to its new contracts with the IRS and state unemployment agencies during the pandemic. Former employees told Insider that the company could not handle the avalanche of work it took on, leading to helpline queues thousands of people long. These workers were often told to verify accounts and resolve tickets as quickly as possible. Veterans and their families complaining to the VA about being unable to access their benefits would frequently be redirected back to's helpline, Insider previously reported.

On Tuesday, laid off some of its corporate employees. CEO Blake Hall said in an email to staff that the layoffs were part of the company's efforts to "reorient the business around core products and establish an organic path to profitability."

Are you a current or former employee? Know something we missed? Contact this reporter via email at or, or through secure messaging app Signal at +1 (785) 813-1084. Check out Insider's source guide for suggestions on how to share information securely.