Now that tax day has come and gone the IRS is under fire on Capitol Hill over fresh concerns that taxpayer information remains at risk from cyber attacks.
IRS Commissioner John Koskinen was called before the Senate Finance Committee to answer questions about cyber security, after a report from the Government Accountability Office flagged “significant” security issues — months after a breach that compromised the files of hundreds of thousands of taxpayers.
“There is no excuse for this,” Sen. Ron Wyden, D-Ore., said of the IRS’ cyber-vulnerabilities.
At the hearing, GAO head Gene Dodaro, the comptroller general, detailed the findings of his agency’s March report, which said the IRS has not effectively implemented many recommended security measures and is vulnerable to hacking attempts. In his testimony, he cited weaknesses such as easily guessed system passwords, officials being given rights and privileges beyond what they need to have, and systems that should be encrypted but are not. The GAO made dozens of security recommendations. “We’re hopeful they will rigorously implement our recommendations over the next few years, all 94 that we have outstanding,” Dodaro said.
The agency said in February that a breach, believed to have been carried out by Russian hackers, led to the compromising of the accounts and information of more than 300,000 taxpayers. Another 295,000 were targeted but were not accessed.
The cyber thieves hacked into the agency’s “Get Transcripts” system where taxpayers get returns and other prior-year filings. The breach was discovered in May 2015. Koskinen conceded there was still a lot of work to do, and said the threat of cyber attacks has evolved from a few individuals filing a few hundred fake refunds to organized crime syndicates with access to large amounts of data.
