WASHINGTON – Cybercriminals may be able to steal the personal information taxpayers share with the IRS because the agency has failed to maintain adequate protections, U.S. senators said Tuesday.
“Hackers and crooks, including many working for foreign crime syndicates, are jumping at every opportunity they have to steal hard-earned money and sensitive personal data from U.S. taxpayers,” said Oregon Sen. Ron Wyden, the top Democrat on the Finance Committee at a Tuesday hearing reviewing the IRS’ operation. “In my view, taxpayers have been failed by the agencies, the companies and the policymakers here in Congress they rely on to protect them.”
Wyden and other senators questioned whether the Internal Revenue Service’s digital defenses were adequate, citing a breach discovered last May in which the IRS said that more than 700,000 taxpayer accounts were accessed by online attackers between January 2014 and May 2015.
“While we are clearly making real progress in this area, the challenges are continuing to grow and criminals behind this kind of data theft are getting more sophisticated and aggressive, seemingly by the day,” said committee chairman Orrin Hatch, R-Utah. “And, American taxpayers and their livelihoods are their targets.”
Last month, the IRS suspended a service that allowed taxpayers who already had been victims of identity theft to retrieve specially issued Identity Protection PINs after attackers gained access to PINs associated with more than 100,000 Social Security numbers.
“So after leaving the front door open, the IRS left the back door open as well,” said Wyden. “There is no excuse for this.”
But IRS Commissioner John Koskinen noted that IRS security systems withstand more than 1 million malicious attempts to access them every day. He also pointed out that the IRS has implemented more than 2,000 security recommendations from the Government Accountability Office, a nonpartisan investigative arm of Congress, in recent years.
Comptroller General Gene Dodaro criticized the inconsistent application of security measures across the IRS, saying it has resulted in numerous weaknesses. The GAO made 94 recommendations between August 2014 and March 2016 that Dodaro hopes will be implemented to secure American taxpayers’ information.
The IRS is not alone in ineffectively protecting American taxpayers, senators said.
Consistent problems with private, paid tax preparers also need to be addressed by giving the IRS authority to regulate the preparers, Dodaro added.
Wyden said Congress also needs to authorize the IRS to streamline its hiring process for cybersecurity staff because cybersecurity specialists are in demand while the federal hiring process is slow. Koskinen said the standard federal hiring process takes three to six months.
Published in conjunction with 