U.S. prosecutors and regulators are investigating a $32 million deal between CrowdStrike Holdings Inc. and a technology distributor to provide cybersecurity tools to the Internal Revenue Service, according to two people familiar with the matter and a document seen by Bloomberg News.

Investigators for the Justice Department and the Securities and Exchange Commission have been interviewing people and collecting records related to the deal, according to the document and people. They spoke on condition of anonymity because they are not authorized to discuss the matter.

Carahsoft Technology Corp. paid CrowdStrike for the deal that the cybersecurity firm closed on the last day of a fiscal quarter in 2023, but the IRS never purchased the products, Bloomberg first reported in October. The transaction under investigation was big enough that it could have made the difference between CrowdStrike beating or missing Wall Street projections for the period, although the Austin, Texas-based company has declined to detail how it accounted for the deal. The day after CrowdStrike reported results for the record quarter, its shares rose 10%.

The parallel probes, which haven’t been previously reported, also represent additional scrutiny of Carahsoft, a dominant reseller of technology to the U.S. government. The FBI searched the firm’s headquarters last year, and federal prosecutors are conducting a separate civil investigation of whether the company conspired with another technology firm to overcharge the government.

CrowdStrike spokesperson Brian Merrill said in an email, “we stand by the accounting of the transaction.” A lawyer for Carahsoft, Samarth Barot, declined to comment.

A spokesperson for the U.S. Attorney’s Office for the Southern District of New York, Nicholas Biase, declined to comment. An SEC spokesperson, Cory Jarvis, said the agency doesn’t comment on “the existence or nonexistence of a possible investigation.”

As early as last fall, SEC and DOJ investigators were questioning former CrowdStrike employees involved in the deal, as well as IRS staff, and they’ve continued to pursue interviews in recent weeks, according to the people and documents. They’ve also collected records related to the deal, including written communications from employees of the IRS, CrowdStrike and Carahsoft.

The investigators asked witnesses detailed questions about the interactions between CrowdStrike sales staff and IRS officials in the lead-up to the deal’s closure, one of the people said. They’ve inquired repeatedly whether the agency purchased the CrowdStrike software and were told no, the person said.

IRS officials did not respond to calls and emails seeking comment.

Prosecutors from the U.S. Attorney’s Office for the Southern District of New York are among those working on the investigation, according to the person.

The deal under scrutiny is complex and some specifics of it remain unclear. Documents from Carahsoft and CrowdStrike show that it was for identity threat protection software to be used by the IRS. The agency, however, never bought it.

CrowdStrike closed the deal on the last day of its third fiscal quarter in 2023. In a subsequent earnings call, Chief Executive Officer George Kurtz highlighted it by saying, “identity threat protection wins in the quarter included an eight-figure total deal value win in the federal government.”

Carahsoft has been making on-time payments to CrowdStrike, the cybersecurity firm told Bloomberg last fall. Both companies explained then that they had a “non-cancellable order” between them, but declined to say why they struck the deal without a purchase in place from the IRS, or what became of the millions of dollars worth of software subscriptions that were at stake.

In an earnings report in November 2024, CrowdStrike excluded roughly $26 million from its annual recurring revenue for the quarter. The company’s chief financial officer, Burt Podbere, said the unusual move followed the company determining the transaction wouldn’t be repeated “after a distributor in the federal space provided notice of its intention to exercise transferability rights with respect to a transaction.”

CrowdStrike representatives have declined to elaborate or say whether the comments were related to the deal involving the IRS and Carahsoft.

At the time of the deal, some CrowdStrike staff raised internal concerns that the company was “pre-booking” the transaction, which they viewed as incomplete because it was unclear whether the IRS would ever make the large purchase, Bloomberg previously reported. U.S. regulators have in some cases sued and fined companies over alleged pre-booking, also known as channel stuffing, claiming they misled investors by improperly recognizing revenue to inflate their financial figures.

A CrowdStrike spokesperson previously said it was “demonstrably false” that there was any pre-booking and that the deal was reviewed and “given a clean bill of health.”

U.S. investigators have already spent years examining Carahsoft, a leading player among resellers and distributors that help technology companies navigate the complexities of selling to government agencies. In September, agents from the FBI and the U.S. Department of Defense searched the company’s Reston, Virginia, headquarters.

A Carahsoft spokesperson said at the time that it was cooperating with the FBI probe, which involved “an investigation into a company with which Carahsoft has done business in the past.” The Justice Department is also conducting a separate civil investigation of Carahsoft and SAP SE for potential price fixing on government contracts, as Bloomberg previously reported. The German firm is cooperating with the civil probe, according to a spokesperson.

There’s no known link between CrowdStrike and the civil investigation nor the search of Carahsoft’s office. A representative of the cybersecurity company previously said it’s not connected to either.

Federal investigations, especially of complex cases, often run for years and many end without any formal accusations of wrongdoing.

Adam Pritchard, a professor at the University of Michigan Law School and former SEC lawyer, said that regardless of what investigators find, the probes will cost CrowdStrike and Carahsoft in legal fees and managers’ time, and draw scrutiny from their boards of directors. He said investigators will likely be interested in whether the companies had any “additional understandings” about the deal beyond their contract and, if so, whether they were disclosed to auditors.

“If I were investigating, I would want to know if there were implicit understandings that if the deal didn’t go through with the IRS that they could work out the money over the course of their ongoing relationship,” said Pritchard.

Thousands of IRS employees around the country reported to work Thursday prepared for an email announcement that they were being placed on leave.

For many, the email never arrived. Not because they weren’t being terminated — they were — but because of a technical glitch that prevented officials from notifying them via email, according to an agency employee and messages reviewed by Bloomberg News.

The agency has resorted to paper: “All terminated employees, whether they received the email or not, will be receiving a paper copy of the letter via UPS overnight tracked mail,” an internal message said, referring to United Parcel Service Inc. 

The IRS didn’t respond to a request for comment. The agency is planning to terminate about 6,700 probationary workers, a category that includes new hires as well as people recently promoted or reassigned, as billionaire Elon Musk’s Department of Government Efficiency project enacts sweeping job cuts across the federal workforce. 

Replacing email termination with overnight letter delivery added a potentially ironic wrinkle to the IRS job cuts: additional costs. Full details weren’t available Friday, but overnight letter delivery from UPS can cost more than $30 between adjacent areas, according to published rate schedules.

Spread across the roughly 6,700 employees scheduled to be terminated this week, the inability to deliver the bad news electronically could mean more than $200,000 in postage.

Cutting thousands of federal workers all at once has proved harder than anticipated for DOGE and the Trump administration. Last week, officials at the Small Business Administration sent termination notices to probationary staff, then told them the messages had been sent by mistake. The next day, SBA told the workers they had been fired after all. 

The Department of Energy laid off nuclear bomb specialists, only to reverse course and call them back to work. The Department of Agriculture accidentally cut workers who are charged with containing a massive bird flu outbreak, NBC News and other outlets have reported.

There was no indication the IRS was having second thoughts about the cuts, only having trouble with last-minute paperwork.

A copy of the IRS termination notice reviewed by Bloomberg said the agency was abiding by an executive order to “terminate probationary employees who were not deemed as critical to filing season.” 

“We don’t have many details that we are permitted to share, but this is all tied to compliance with the executive order,” the message said.

President Donald Trump is expected to sign a memorandum Friday that opens the door to levies in response to digital services taxes some countries impose on U.S. tech giants, people familiar with the plans said, the latest step to expand a tariff war aimed at addressing imbalances in global trade.

The memo, which the people familiar discussed on condition of anonymity before it is made public, focuses broadly on digital trade issues. Friday’s action directs the Office of the U.S. Trade Representative to develop remedies for the taxes that foreign governments impose on U.S. tech companies such as Alphabet Inc. and Meta Platforms Inc., the people said. 

The memo is not expected to implement tariffs immediately and it does not set a timeline for when such duties might take effect, according to the people familiar.

The White House did not immediately respond to a request for comment.

The move addresses an issue that has long been a concern for Trump — dating back to his first stint in the White House. In 2019, the USTR initiated separate probes into the tax systems for France, Italy, Spain, India and other countries, with the U.S. concluding at the time that the taxes were discriminatory and disproportionately hurt American firms.

Some nations have since withdrawn their digital services tax plans and instead joined a global negotiation for a minimum tax on tech companies — but those talks have stalled repeatedly.

According to the Computer and Communications Industry Association, approximately 30 countries have adopted or proposed DSTs in recent years, including other major U.S. trading partners such as the U.K. and Canada. Canada’s tax took effect in 2024.

Trump’s action comes ahead of a visit from French President Emmanuel Macron, whose country has a digital tax that hits major U.S. tech multinationals, and whose finance minister said earlier this month they intended to keep in place.

France was one of the first countries to implement a digital services tax. The two sides negotiated a truce, under which France would have withdrawn the tax after global rules on taxing digital multinationals came into effect. Those negotiations, however, never concluded.

U.S. retaliation over digital taxes threatens to roil already tense relations with France and other European countries already at odds with Washington over Trump’s push to negotiate an end to the war in Ukraine directly with Russian President Vladimir Putin.

Trump and his allies have railed against what he sees as unfair practices from Europe over trade, taxation and efforts to counter mis- or dis-information on social media that he says target U.S. tech companies. More broadly, Trump’s plans highlight how in his second term he has sought to employ tariffs to reshape global trade ties and force companies to move production to the U.S. 

The president has already imposed a blanket 10% tax on imports from China, ordered — and then paused — 25% tariffs on goods from Canada and Mexico, unveiled plans for a 25% levy on U.S. imports of steel and aluminum and directed his administration to propose a round of reciprocal tariffs for each trading partner. He’s also said tariffs on automobiles, semiconductors and drug imports are forthcoming.

Trump’s second term has seen Silicon Valley executives seek to woo the new president, with the prominent CEOs of some of the country’s largest tech companies visiting him at his Mar-a-Lago estate during the transition and attending his inauguration last month. Trump has vowed to target policies abroad he says harm those giants but many of his moves, such as fresh tariffs, threaten to squeeze tech companies that rely on global supply chains.