IRS commissioner to face questions about security weaknesses

(AP Photo/J. David Ake, File)

WASHINGTON (AP) — Government watchdogs warned the IRS about security flaws in the agency’s computer systems years before hackers stole the personal information of thousands of taxpayers from an IRS website.

Now IRS Commissioner John Koskinen is heading to Capitol Hill to answer questions about why the tax agency didn’t address those weaknesses.

“Computer security has been problematic for the IRS since 1997,” the agency’s inspector general said in an October memo to Treasury Secretary Jacob Lew. In the memo, inspector general J. Russell George said securing taxpayer and employee data was the IRS’s top management challenge.

More recently, the Government Accountability Office issued a report in March that identified dozens of weaknesses in the IRS’s computer security. Until those weaknesses are fixed, “financial and taxpayer data will remain unnecessarily vulnerable to inappropriate and undetected use, modification or disclosure,” the GAO said.

Criminals stole the personal information of 104,000 taxpayers from an IRS website from February to mid-May, the agency disclosed last week. The information was stolen as part of an elaborate scheme to claim fraudulent tax refunds, Koskinen told reporters.

IRS investigators believe the thieves were based in Russia, two officials who were briefed on the matter told The Associated Press. The officials spoke on condition of anonymity because they were not authorized to speak publicly about an ongoing criminal investigation.

Koskinen and George are scheduled to testify before the Senate Finance Committee Tuesday morning. Koskinen also is appearing before the Senate Homeland Security Committee Tuesday afternoon.

“Last week’s devastating announcement that the private information of over 100,000 taxpayers had been compromised sent shock waves through the halls of Congress,” said Sen. Orrin Hatch, R-Utah, chairman of the Finance Committee. “Given that the IRS’s own internal watchdog has repeatedly warned that their security system was not up to par, we need to find out exactly what happened, who is behind it, and how we can move forward to ensure it never happens again.”

The IRS blames budget cuts for hampering the agency’s ability to upgrade its computer systems. In a statement, the IRS said funding for cybersecurity has fallen from $187 million in 2011 to $149 million in 2015, a drop of more than 20 percent.

Overall, the agency’s funding has been cut by more than $1 billion since 2010, to $10.9 billion this year.

Koskinen has said the IRS is still using some computer applications that date to the Kennedy administration. In February, he warned Congress that budget cuts were preventing the IRS from improving safeguards against identity theft.

“The cuts we are making include delays to critical information technology investments of more than $200 million this year,” Koskinen told the Finance Committee at a hearing. “This means, among other things, that aging IT systems will not be replaced and new taxpayer protections against identity theft will be delayed.”

The thieves took the taxpayer information from an IRS website called “Get Transcript,” where taxpayers can get tax returns and other tax filings from previous years.

The breach doesn’t appear to be a traditional hack. The thieves already had detailed knowledge about each taxpayer, including their Social Security number, date of birth, tax filing status and street address. They presumably stole the information elsewhere, the IRS said.

The thieves used the information to access the IRS website. Koskinen said old tax returns could help criminals prepare more authentic-looking tax returns in the future, which they could use to claim fraudulent refunds.

This year, the thieves claimed about 15,000 refunds using information they stole from the website. Koskinen said the refunds totaled as much as $50 million.

___

Follow Stephen Ohlemacher on Twitter: http://twitter.com/stephenatap

Copyright 2015 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

WTNH NEWS8 provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others. If you see an inappropriate comment, please flag it for our moderators to review. Also, you can now block any inappropriate user by simple selecting the drop down menu on the right of any comment and selection "Block User" from there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s