Sen. Chuck Grassley has elicited a response from the IRS commissioner that the agency was slow to recognize a taxpayer data breach because the breach occurred during the high traffic tax season.
“That’s troubling because you’d think the IRS would be especially vigilant on theft and fraud during the busiest part of the tax season,” Grassley said. “Instead, it looks like the thieves were able to succeed because the IRS was busy and distracted. The IRS needs to continue to answer for its computer security problems.”
At a Finance Committee hearing, Grassley asked IRS Commissioner John Koskinen why it took the IRS until mid-May to notice a data breach that started in February, affecting 104,000 taxpayers and leading to the filing of about 13,000 fake tax returns, with an estimated loss of $39 million to the government. Koskinen said the breach was more easily identified when the tax season slowed down.
Also at the hearing, the Treasury Inspector General for Tax Administration, Russell George, said that since Fiscal Year 2011, his office has designated the security of taxpayer data as the top concern facing the IRS based on the increased number and sophistication of threats to taxpayer information and the need for the IRS to better protect taxpayer data and improve security. He said the inspector general completes approximately seven audits each year on various security programs, systems, and solutions. As of March 2015, these audits have resulted in 44 recommendations that have yet to be implemented, he said. While most of these recommendations are based on recent audits, there are 10 recommendations from five audits that are over three years old.
“The inspector general said the IRS lost more than $5 billion to refund fraud in 2013,” Grassley said. “That’s an affront to law-abiding taxpayers. The IRS’ job is to protect taxpayer information and prevent fraud.”
The IRS commissioner also committed to answer Grassley’s letter last week with questions on the data breach.