Could the Internal Revenue Service have prevented the latest massive data breach that put hundreds of thousands of taxpayers’ financial information at risk?
That seems to be the suggestion of the federal watchdog in charge of keeping tabs on the IRS. During a congressional hearing on Tuesday, J. Russell George, Treasury Inspector General for Tax Administration (TIGTA), told lawmakers that the IRS had failed to act on a handful of recommendations the IG had previously made to address serious security weaknesses within the agency’s databases.
Last week, the IRS announced that a network of cyber thieves hacked into its online system Get Transcript, stealing personal, financial information from at least 104,000 people between February and May of this year.
The IRS said fraudsters filed roughly 13,000 returns that were processed this tax season—which cost about $39 million. The IG and IRS officials told lawmakers they believed the thieves were part of a complex international crime syndicate from Russia and other unnamed countries.
George told the Senate Finance Committee that had the IRS taken up the IG’s previous recommendations, it would have been more difficult for the hackers to succeed.
According to the IG, the agency failed to implement at least 44 of its security upgrades. George said the IRS still relies on 19-year-old security software. Separately, he said the IRS failed to monitor some of its servers.
The IRS chief, John Koskinen, defended his agency, contending that taking up the IG recommendations would not have prevented the data breach because the attack was on a separate website and the hackers already had stolen taxpayer Social Security numbers elsewhere to gain access to it.
Still, he said more work needs to be done to tighten security and prevent similar hacks.
Koskinen said the IRS had already sent letters to the 104,000 people who had their information stolen and would be sending another wave of letters to 100,000 others whose information could also be vulnerable.
The breach comes as identity theft is at a record high. Earlier this year, TIGTA reported that 1.6 million taxpayers were affected by identity theft in 2014 – compared with just 271,000 in 2010.
Koskinen told lawmakers that the IRS is attempting to ramp up its identity fraud prevention efforts, but budget cuts have hampered the agency.
Top Reads from The Fiscal Times: